{"id":7140,"date":"2025-06-21T22:06:44","date_gmt":"2025-06-21T22:06:44","guid":{"rendered":"http:\/\/localhost\/?p=7140"},"modified":"2025-06-21T22:06:44","modified_gmt":"2025-06-21T22:06:44","slug":"diyhi-bbs-api-forummanageactionjava-add-path-traversal","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7140","title":{"rendered":"diyhi bbs API ForumManageAction.java add path traversal"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\ndiyhi bbs API ForumManageAction.java add path traversal<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-22T02:31:05.226Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\ndiyhi<\/td>\n<\/tr>\n
Product<\/th>\nbbs<\/td>\n<\/tr>\n
Version<\/th>\n6.8<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical vulnerability in diyhi bbs 6.8 allows remote path traversal via the dirName argument in ForumManageAction.java. This could enable attackers to access unauthorized files. The exploit is publicly available, increasing the risk of attack.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\ndiyhi<\/td>\n<\/tr>\n
Product<\/th>\ndiyhi bbs<\/td>\n<\/tr>\n
Affected Version<\/th>\n6.8<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n