← Back

Warehouse Management System

warehouse_management_system

Vendor: Yeqifu • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-65879
1Yeqifu
1Warehouse Management System
Dec 12, 2025
Dec 5, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the serve...Show more
Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads.Show less
CVE-2025-65878
1Yeqifu
1Warehouse Management System
Dec 12, 2025
Dec 5, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory trave...Show more
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information.Show less