huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload_CVE-2026-2665

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-2665

Source VulDB

Published Feb 18, 2026 at 20:02

Modified Feb 18, 2026 at 20:37

Affected Product

Vendor huanzi-qch

Product base-admin

Version 57a8126bb3353a004f3c7722089e3b926ea83596

Affected Versions huanzi-qch base-admin 57a8126bb3353a004f3c7722089e3b926ea83596

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-18T20:02:07.555Z",
    "modified": "2026-02-18T20:37:34.134Z",
    "type": "cve",
    "title": "huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346462\nhttps://vuldb.com/?ctiid.346462\nhttps://vuldb.com/?submit.753240\nhttps://github.com/huanzi-qch/base-admin/issues/38\nhttps://github.com/huanzi-qch/base-admin/issues/38#issue-3905100373\nhttps://github.com/huanzi-qch/base-admin/",
    "id": "CVE-2026-2665",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "huanzi-qch base-admin 57a8126bb3353a004f3c7722089e3b926ea83596",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "base-admin",
    "version": "57a8126bb3353a004f3c7722089e3b926ea83596",
    "vendor": "huanzi-qch",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}