CVE-2025-15432 | yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path path traversal (Issue 46)

A vulnerability was found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. It has been rated as critical. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of the argument path leads to path traversal.

This vulnerability is listed as CVE-2025-15432. The attack may be initiated remotely. In addition, an exploit is available.

This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15432 | yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path path traversal (Issue 46)

Post correlati

CVE-2023-6525 | ElementsKit Elementor Addons Plugin up to 3.0.3 on WordPress cross site scripting

CVE-2024-35722 | A WP Life Slider Responsive Slideshow Plugin up to 1.4.0 on WordPress authorization

CVE-2024-7155 | TOTOLINK A3300R 17.0.0cu.557_B20221024 /etc/shadow.sample hard-coded password

CVE-2023-53605 | Linux Kernel up to 5.10.172/5.15.98/6.1.15/6.2.2 drm dc_construct_ctx memory leak