PT-2025-50614 · Unknown · Baowzh Hfly
Webray.Com.Cn
·
Published
2025-12-11
·
Updated
2025-12-11
·
CVE-2025-14520
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
baowzh hfly versions prior to 638ff9abe9078bc977c132b37acbe1900b63491c
Description
A path traversal weakness exists in baowzh hfly. The issue is related to the manipulation of the
filename argument within an unknown function of the file '/admin/index.php/datafile/delfile'. This allows for remote exploitation. The exploit has been publicly released. The vendor was notified but did not respond.Recommendations
Versions prior to 638ff9abe9078bc977c132b37acbe1900b63491c should be updated.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Baowzh Hfly