CVE-2025-15432

Name of the Vulnerable Software and Affected Versions yeqifu carRental (affected versions not specified)

Description A path traversal issue exists due to the manipulation of the path argument within the downloadShowFile function located in /file/downloadShowFile.action of the com.yeqifu.sys.controller.FileController component. This allows for remote exploitation. The exploit has been publicly disclosed. The product utilizes a rolling release model, making specific version information unavailable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.