{"id":8175,"date":"2025-07-14T12:06:51","date_gmt":"2025-07-14T12:06:51","guid":{"rendered":"http:\/\/localhost\/?p=8175"},"modified":"2025-07-14T12:06:51","modified_gmt":"2025-07-14T12:06:51","slug":"yijiusmile-kkfileviewofficeedit-download-path-traversal","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8175","title":{"rendered":"YiJiuSmile kkFileViewOfficeEdit download path traversal"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nYiJiuSmile kkFileViewOfficeEdit download path traversal<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-14T16:14:05.423Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-14T16:14:05.423Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nYiJiuSmile<\/td>\n<\/tr>\n
Product<\/th>\nkkFileViewOfficeEdit<\/td>\n<\/tr>\n
Version<\/th>\n5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:N\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical path traversal vulnerability in YiJiuSmile’s kkFileViewOfficeEdit allows remote attackers to access arbitrary files by manipulating the ‘url’ argument in the Download function. This vulnerability has been publicly disclosed and could be exploited.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nYiJiuSmile<\/td>\n<\/tr>\n
AI Product<\/th>\nkkFileViewOfficeEdit<\/td>\n<\/tr>\n
AI Version<\/th>\n5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n