PT-2025-49258 · Unknown · Warehouse Management System

Published: 2025-12-05 · Updated: 2025-12-12 · CVE-2025-65879

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Warehouse Management System version 1.2

Description: The software contains an authenticated arbitrary file deletion issue. The /goods/deleteGoods API endpoint accepts a user-controlled goodsimg parameter. This parameter is directly concatenated with the server's UPLOAD PATH and passed to the File.delete() function without proper validation. An authenticated attacker can delete arbitrary files on the server by providing directory traversal payloads through the goodsimg parameter.

Recommendations: Apply input validation to the goodsimg parameter of the /goods/deleteGoods endpoint to prevent directory traversal.
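
The pattern described above next to one way to apply the recommended validation, as an added example that is not code from the Warehouse Management System project. The class and method names and the UPLOAD_PATH value are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration: names and the UPLOAD_PATH value are assumptions, not project code.
public class GoodsImageDeletion {
    // Assumed upload directory (placeholder value).
    static final Path UPLOAD_PATH = Paths.get("/var/wms/upload").toAbsolutePath().normalize();

    // Pattern the advisory describes: the request value is concatenated and deleted as-is.
    static boolean deleteUnchecked(String goodsimg) {
        return new File(UPLOAD_PATH + File.separator + goodsimg).delete();
    }

    // Hardened form: resolve, normalize, then require the result to stay inside UPLOAD_PATH.
    static Path resolveInsideUploadDir(String goodsimg) {
        if (goodsimg == null || goodsimg.isEmpty() || goodsimg.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("goodsimg is empty or malformed");
        }
        Path target = UPLOAD_PATH.resolve(goodsimg).normalize();
        // resolve() returns an absolute argument unchanged, so absolute paths fail this check too.
        // Path.startsWith compares whole path components, not string prefixes.
        if (!target.startsWith(UPLOAD_PATH) || target.equals(UPLOAD_PATH)) {
            throw new SecurityException("goodsimg escapes the upload directory");
        }
        return target;
    }

    // Deletes only regular files (no directories, no symlinks) inside the upload directory.
    static boolean deleteChecked(String goodsimg) throws IOException {
        Path target = resolveInsideUploadDir(goodsimg);
        return Files.isRegularFile(target, LinkOption.NOFOLLOW_LINKS) && Files.deleteIfExists(target);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; only the first one is accepted.
        String[] samples = {"item-42.png", "../conf/app.properties", "a/../../b.txt", "/etc/hostname"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveInsideUploadDir(s));
            } catch (RuntimeException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

`normalize()` does not resolve symbolic links, so if the upload directory can contain symlinked subdirectories, compare `toRealPath()` results of the parent directory instead.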

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-65879

Affected Products: Warehouse Management System