Four-Faith Water Conservancy Informatization Platform historyDownload.do;usrlogout.do path traversal_CVE-2025-10708

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /history/historyDownload.do;usrlogout.do. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10708

Source VulDB

Published Sep 19, 2025 at 11:32

Affected Product

Vendor Four-Faith

Product Water Conservancy Informatization Platform

Version 1.0

Affected Versions Four-Faith Water Conservancy Informatization Platform 1.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /history/historyDownload.do;usrlogout.do. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-19T11:32:13.078Z",
    "modified": "2025-09-19T11:32:13.078Z",
    "type": "cve",
    "title": "Four-Faith Water Conservancy Informatization Platform historyDownload.do;usrlogout.do path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.324996\nhttps://vuldb.com/?ctiid.324996\nhttps://vuldb.com/?submit.644871\nhttps://github.com/Cstarplus/CVE/issues/4",
    "id": "CVE-2025-10708",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Four-Faith Water Conservancy Informatization Platform 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Water Conservancy Informatization Platform",
    "version": "1.0",
    "vendor": "Four-Faith",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}