CVE-2026-7519 | THREATINT

Description

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1 is recommended to address this issue. Upgrading the affected component is advised.

PUBLISHED Reserved 2026-04-30 | Published 2026-05-01 | Updated 2026-05-01 | Assigner VulDB

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

HIGH: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

7.5AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Path Traversal

Product status

2.0

affected

2.1

unaffected

Timeline

2026-04-30:	Advisory disclosed
2026-04-30:	VulDB entry created
2026-04-30:	VulDB entry last update

Credits

0menc (VulDB User) reporter

References

vuldb.com/vuln/360333 (VDB-360333 | Fujian Apex LiveBOS Endpoint UploadImage.do path traversal) vdb-entry technical-description

vuldb.com/vuln/360333/cti (VDB-360333 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/submit/804096 (Submit #804096 | FUJIAN APEX SOFTWARE CO., LTD. LiveBOS <2.1 Remote Code Execution) third-party-advisory

my.feishu.cn/...yMdptvaoTQCvxkHLbceJZCnge?from=from_copylink exploit

cve.org (CVE-2026-7519)

nvd.nist.gov (CVE-2026-7519)

Download JSON