PT-2025-44761 · Unknown+1 · Jeecg-Boot+1
Fushuling · Published 2025-11-03 · Updated 2025-11-03
CVE-2025-12626
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
jeecgboot jeewx-boot versions prior to 641ab52c3e1845fec39996d7794c33fb40dad1dd
Description
A security flaw exists in jeecgboot jeewx-boot. Manipulation of the imgurl argument in the getImgUrl function within the WxActGoldeneggsPrizesController.java file can lead to path traversal. Remote exploitation is possible, and an exploit has been publicly released. The issue's initial fix can be bypassed with additional encoding.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Affected Products
Jeecg-Boot
Jeewx-Boot