CVE-2026-2864 | feng_ha_ha/megagao ssm-erp/production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097 PictureController.java pictureDelete picName path traversal (Issue 38)

A vulnerability classified as critical was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-2864. The attack can be launched remotely. Moreover, an exploit is present.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

This product is distributed under two entirely different names. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2864 | feng_ha_ha/megagao ssm-erp/production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097 PictureController.java pictureDelete picName path traversal (Issue 38)

Post correlati

CVE-2025-11161 | WPBakery Page Builder Plugin up to 8.6.1 on WordPress vc_custom_heading font_container cross site scripting

CVE-2024-34402 | uriparser up to 0.9.7 UriQuery.c ComposeQueryEngine integer overflow (ID 183)

CVE-2022-24807 | Net-SNMP up to 5.9.1 OID vacmAccessTable unknown vulnerability

CVE-2024-2727 | Ciges CIGESv2 Confirmation Message cross site scripting