Four-Faith Water Conservancy Informatization Platform download.do;usrlogout.do.do path traversal_CVE-2025-11018

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to path traversal. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-11018

Source VulDB

Published Sep 26, 2025 at 14:02

Affected Product

Vendor Four-Faith

Product Water Conservancy Informatization Platform

Version 1.0

Affected Versions Four-Faith Water Conservancy Informatization Platform 1.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to path traversal. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-26T14:02:08.786Z",
    "modified": "2025-09-26T14:02:08.786Z",
    "type": "cve",
    "title": "Four-Faith Water Conservancy Informatization Platform download.do;usrlogout.do.do path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325961\nhttps://vuldb.com/?ctiid.325961\nhttps://vuldb.com/?submit.650695\nhttps://github.com/MMarch7/CVE/issues/1",
    "id": "CVE-2025-11018",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Four-Faith Water Conservancy Informatization Platform 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Water Conservancy Informatization Platform",
    "version": "1.0",
    "vendor": "Four-Faith",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}