CVE-2025-9650 | yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 AppFileUtils.java removeFileByPath carimg path traversal

A vulnerability marked as critical has been reported in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-9650. The attack is possible to be carried out remotely. Moreover, an exploit is present.

This product adopts a rolling release strategy to maintain continuous delivery

CVE-2025-9650 | yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 AppFileUtils.java removeFileByPath carimg path traversal

Post correlati

CVE-2024-21152 | Oracle Process Manufacturing Financials up to 12.2.13 Allocation Rules allocation of resources

CVE-2024-25770 | libming 0.4.8 listaction.c memory leak

CVE-2023-7084 | Voting Record Plugin up to 2.0 on WordPress cross site scripting

CVE-2025-54536 | JetBrains TeamCity up to 2025.03.3 GraphQL Endpoint cross-site request forgery