Home

Description

EN DE

A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The root cause was initially fixed but can be evaded with additional encoding.

Eine Schwachstelle wurde in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd gefunden. Hierbei betrifft es die Funktion getImgUrl der Datei WxActGoldeneggsPrizesController.java. Die Veränderung des Parameters imgurl resultiert in path traversal. Der Angriff lässt sich über das Netzwerk starten. Der Exploit wurde der Öffentlichkeit bekannt gemacht und könnte verwendet werden. Das Produkt nutzt ein Rolling Release für die kontinuierliche Auslieferung. Deshalb gibt es keine Versionsangaben zu betroffenen oder aktualisierten Releases.

PUBLISHED Reserved 2025-11-03 | Published 2025-11-03 | Updated 2025-11-03 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
4.0AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Problem types

Path Traversal

Product status

641ab52c3e1845fec39996d7794c33fb40dad1dd
affected

Timeline

2025-11-03:Advisory disclosed
2025-11-03:VulDB entry created
2025-11-03:VulDB entry last update

Credits

fushuling (VulDB User) reporter

References

github.com/jeecgboot/jeewx-boot/issues/17 exploit

github.com/jeecgboot/jeewx-boot/issues/47 exploit

vuldb.com/?id.330916 (VDB-330916 | jeecgboot jeewx-boot WxActGoldeneggsPrizesController.java getImgUrl path traversal) vdb-entry technical-description

vuldb.com/?ctiid.330916 (VDB-330916 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.678926 (Submit #678926 | jeecgboot jeewx-boot up to 641ab52 Arbitrary file reading) third-party-advisory

github.com/jeecgboot/jeewx-boot/issues/17 issue-tracking

github.com/jeecgboot/jeewx-boot/issues/47 exploit issue-tracking

cve.org (CVE-2025-12626)

nvd.nist.gov (CVE-2025-12626)

Download JSON