PT-2025-3861 · Guangzhou Huayi Intelligent Technology · Jeewms
Rabbit
·
Published
2025-01-11
·
Updated
2025-01-11
·
CVE-2025-0390
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Guangzhou Huayi Intelligent Technology Jeewms versions up to 20241229
Description
A critical issue was found in the software, affecting the file /wmOmNoticeHController.do, which allows for path traversal using '../filedir'. This can be exploited remotely. The issue has been publicly disclosed and may be used for attacks.
Recommendations
For versions up to 20241229, upgrade to version 20250101 to address this issue.
As a temporary workaround, consider restricting access to the /wmOmNoticeHController.do file until the upgrade is applied.
Exploit
Fix
Relative Path Traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jeewms