CVE-2025-15449 (CNNVD-202601-952)
中文标题:
mall 路径遍历漏洞
英文标题:
cld378632668 JavaMall MinioController.java delete path traversal
漏洞描述
中文描述:
mall是macro个人开发者的一套电商系统,包括前台商城系统及后台管理系统。 mall 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0及之前版本存在路径遍历漏洞,该漏洞源于对文件src/main/java/com/macro/mall/controller/MinioController.java中函数delete的参数objectName的错误操作,可能导致路径遍历。
英文描述:
A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cld378632668 | JavaMall | 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 | - | - |
cpe:2.3:a:cld378632668:javamall:994f1e2b019378ec9444cdf3fce2d5b5f72d28f0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
CVSS评分详情
4.0 (cna)
MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
3.1 (cna)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:X/RC:R
3.0 (cna)
MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:X/RC:R
2.0 (cna)
MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:P/E:ND/RL:ND/RC:UR
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-15449 |
2026-01-07 02:47:01 | 2026-01-12 02:11:13 |
| NVD | nvd_CVE-2025-15449 |
2026-01-09 03:00:07 | 2026-01-12 02:27:35 |
| CNNVD | cnnvd_CNNVD-202601-952 |
2026-01-11 06:15:07 | 2026-01-12 02:38:16 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 路径遍历
- cnnvd_id: 未提取 -> CNNVD-202601-952
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']