MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-65879

🔴 HIGH

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concate...

Published
Dec 05, 2025
Last Modified
Dec 12, 2025
Views
10
Bookmarks
0

Description

Request Expert Review

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads.

Affected Products (1)

yeqifu - warehouse_management_system

Version: *

CVSS Scores

CVSS 3.1 8.1
8.1
HIGH
CVSS 2.0 8.1

References

github.com

Additional Information

Source
cve@mitre.org
State
Analyzed

Related CVEs

CVE-2025-67847

HIGH

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to ins...

Score: 8.8

CVE-2025-3839

HIGH

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be...

Score: 8.0

CVE-2025-15522

MEDIUM

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scrip...

Score: 6.4

CVE-2026-0796

HIGH

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...

Score: 7.2

CVE-2026-0795

HIGH

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...

Score: 7.2

CVE-2026-0794

HIGH

ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...

Score: 8.1

Share CVE-2025-65879

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-65879 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis