CVE Details
Basic Information
| Title | diyhi bbs API ForumManageAction.java add path traversal |
|---|---|
| Type | cve |
| Published | 2025-06-22T02:31:05.226Z |
| Last Seen | |
Product Information
| Vendor | diyhi |
|---|---|
| Product | bbs |
| Version | 6.8 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical vulnerability in diyhi bbs 6.8 allows remote path traversal via the dirName argument in ForumManageAction.java. This could enable attackers to access unauthorized files. The exploit is publicly available, increasing the risk of attack. |
|---|---|
| AI Severity | Medium |
| Vendor | diyhi |
| Product | diyhi bbs |
| Affected Version | 6.8 |
Affected Products
- diyhi bbs 6.8
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-22 |
| Bulletin Family | |
References
Description
A vulnerability classified as critical has been found in diyhi bbs 6.8. It affects the function Add in the file /src/main/java/cms/web/action/template/ForumManageAction.java of the API component. Manipulating the argument dirName leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.