CVE-2025-9650 | yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 AppFileUtils.java removeFileByPath carimg path traversal

A vulnerability marked as critical has been reported in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-9650. The attack is possible to be carried out remotely. Moreover, an exploit is present.

This product adopts a rolling release strategy to maintain continuous delivery

CVE-2025-9650 | yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 AppFileUtils.java removeFileByPath carimg path traversal

Post correlati

CVE-2024-33591 | Tips and Tricks HQ Easy Accept Payments Plugin up to 4.9.10 on WordPress authorization

CVE-2024-43199 | Nagios NDOUtils up to 2.1.3 Executable File Privilege Escalation

CVE-2024-7513 | Rockwell Automation FactoryTalk View Site Edition 13.0 permission assignment (icsa-24-226-06)

CVE-2025-1648 | yawaveadmin Yawave Plugin up to 2.9.1 on WordPress lbid sql injection