CVE-2025-5509 | quequnlong shiyi-blog up to 1.2.1 /api/file/upload file/source path traversal

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-5509. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5509 | quequnlong shiyi-blog up to 1.2.1 /api/file/upload file/source path traversal

Post correlati

CVE-2024-33764 | lunasvg 2.3.9 lunasvg/source/element.h stack-based overflow

CVE-2024-25507 | RuvarOA 6.01/12.01 /LHMail/AttachDown.aspx email_attach_id sql injection

CVE-2024-22409 | DataHub up to 0.12.0 default permission (GHSA-x3v6-r479-m4xv)

CVE-2022-35202 | Sitevision up to 10.3.1 information disclosure