CVE-2025-11336 | Four-Faith Water Conservancy Informatization Platform up to 2.2 download.do;otherlogout.do fileName path traversal

A vulnerability labeled as critical has been found in Four-Faith Water Conservancy Informatization Platform up to 2.2. Affected by this issue is some unknown functionality of the file /stAlarmConfigure/index.do/../../aloneReport/download.do;otherlogout.do. Such manipulation of the argument fileName leads to path traversal.

This vulnerability is listed as CVE-2025-11336. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11336 | Four-Faith Water Conservancy Informatization Platform up to 2.2 download.do;otherlogout.do fileName path traversal

Post correlati

CVE-2025-24928 | xmlsoft libxml2 up to 2.12.9/2.13.5 valid.c xmlSnprintfElements stack-based overflow (Issue 847)

CVE-2025-51503 | Microweber CMS 2.0 User Profile cross site scripting

CVE-2025-7540 | code-projects Online Appointment Booking System 1.0 /getclinic.php townid sql injection

CVE-2025-55013 | CybercentreCanada assemblyline up to 4.6.1.dev137 task_handler.py path traversal (GHSA-75jv-vfxf-3865)