ByteOS Network

yeqifu

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-9650

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-Not Assigned

Published-29 Aug, 2025 | 14:02

Updated-29 Aug, 2025 | 16:24

yeqifu carRental AppFileUtils.java removeFileByPath path traversal

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery

Vendor-yeqifu

Product-carRental

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-9310

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.9||MEDIUM

EPSS-0.04% / 10.52%

7 Day CHG+0.01%

Published-21 Aug, 2025 | 16:32

Updated-22 Aug, 2025 | 18:08

yeqifu carRental Druid login.html hard-coded credentials

A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Vendor-yeqifu

Product-carRental

CWE ID-CWE-259

Use of Hard-coded Password

CWE ID-CWE-798

Use of Hard-coded Credentials