MEDIUM🇬🇧 English

CVE-2025-52237

CVSS 6.5v3.1pub. 2025-08-05upd. 2026-07-05

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • Sscms

    APP
    Sscms
    7.3.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2023-43953MEDIUM5.4ten sam produkt

SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management co...

CVE-2022-44298CRITICAL9.8ten sam vendor

SiteServer CMS 7.1.3 is vulnerable to SQL Injection.

CVE-2022-44297CRITICAL9.8ten sam vendor

SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.

CVE-2021-42654CRITICAL9.8ten sam vendor

SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which co...

CVE-2022-28118CRITICAL9.8ten sam vendor

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.