CVE-2025-10709 | Four-Faith Water Conservancy Informatization Platform 1.0 historyDownload.do;otheruserLogin.do;getfile fileName path traversal

A vulnerability classified as critical was found in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName results in path traversal.

This vulnerability is identified as CVE-2025-10709. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10709 | Four-Faith Water Conservancy Informatization Platform 1.0 historyDownload.do;otheruserLogin.do;getfile fileName path traversal

Post correlati

CVE-2024-31451 | arc53 DocsGPT up to 0.8.0 routes.py path traversal (GHSA-p5qc-vj2x-9rjp)

CVE-2024-8086 | SourceCodester E-Commerce System 1.0 Admin Login login.php user_email sql injection

CVE-2024-23615 | Symantec Messaging Gateway up to 10.5 memory corruption

CVE-2024-6265 | UsersWP Plugin up to 1.2.10 on WordPress uwp_sort_by sql injection