Hfly
Unrestricted file upload in baowzh hfly allows authenticated remote attackers to upload arbitrary files via manipulation of the imgFile parameter in /Public/Kindeditor/php/upload_json.php. The vulnerability affects rolling-release versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c, carries low overall risk (CVSS 2.1, EPSS 0.07%), and has publicly available exploit code, but it requires authenticated access, which significantly limits real-world exploitability compared with an unauthenticated file upload. Note that the low rating assumes a trusted user base: any account that can reach the editor's upload script can place a file of its choosing on the server.
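The fix for this class of bug is server-side validation of the uploaded file and a server-chosen destination name. The following is an added example, not code from the hfly project or from KindEditor: a vulnerable handler that trusts the client's file name next to a hardened one for the same imgFile field. The upload directory, size limit and extension allowlist are assumptions; the handler assumes the caller has already enforced admin authentication.

```php
<?php
// Added example (not the project's or KindEditor's code): handling a multipart
// upload field named imgFile. UPLOAD_DIR, MAX_BYTES and ALLOWED are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/hfly/Public/upload'; // hypothetical; should not execute PHP
const MAX_BYTES  = 2 * 1024 * 1024;
// Extension => MIME type the file content must actually have.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// Vulnerable pattern (the class of bug described above): the client-supplied
// name decides both the extension and the location of the stored file.
function uploadVulnerable(array $file): string
{
    $dest = UPLOAD_DIR . '/' . $file['name']; // "shell.php" lands under the web root
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

/**
 * Validate one entry of $_FILES and store it under a random server-chosen name.
 * Returns the stored path, or null and sets $error.
 */
function uploadHardened(array $file, ?string &$error = null): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        $error = 'upload failed';
        return null;
    }
    if ($file['size'] > MAX_BYTES) {
        $error = 'file too large';
        return null;
    }
    // Extension from the client name, lower-cased, checked against the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        $error = 'extension not allowed';
        return null;
    }
    // The extension is only a claim: sniff the magic bytes and require a match,
    // so a PHP script renamed to .jpg is rejected.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        $error = 'content does not match extension';
        return null;
    }
    // The client name is never used for the destination: no traversal, no
    // double extensions, no overwriting of existing files.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        $error = 'could not store file';
        return null;
    }
    return $dest;
}

// Usage inside an authenticated handler:
// $path = uploadHardened($_FILES['imgFile'] ?? [], $err);
// echo json_encode($path === null ? ['error' => 1, 'message' => $err]
//                                  : ['error' => 0, 'url' => basename($path)]);
```

Even with this check in place, the upload directory should be served with PHP execution disabled (or kept outside the document root and served through a download handler), so that a bypass of the content check cannot turn into code execution.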
Path traversal vulnerability in baowzh hfly allows authenticated remote attackers to read arbitrary files via manipulation of the filename parameter in the /admin/index.php/datafile/download endpoint. The vulnerability affects versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c; exploit code has been publicly disclosed, and the vendor did not respond to early disclosure notification. The CVSS score of 2.1 reflects the limited confidentiality impact, and the low EPSS (0.15%) suggests minimal real-world exploitation despite public disclosure.
Arbitrary file deletion via path traversal in baowzh hfly up to commit 638ff9abe9078bc977c132b37acbe1900b63491c allows authenticated remote attackers to delete files by manipulating the filename parameter in /admin/index.php/datafile/delfile. Public exploit code is available, but the vulnerability remains low-risk because it requires authentication and its scope is limited to integrity (files can be removed, not read or written).
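Both the download and the delfile issues above are the same bug: a request-supplied filename is joined onto a directory path without being constrained to that directory. The following is an added example, not code from the hfly project: a vulnerable read next to a single validation helper that both a hardened download handler and a hardened delete handler can share. The data directory and function names are assumptions; the handlers assume admin authentication has already been enforced.

```php
<?php
// Added example (not the hfly project's code): constraining a request-supplied
// "filename" to one directory. DATAFILE_DIR and the helper names are assumptions.
declare(strict_types=1);

const DATAFILE_DIR = '/var/www/hfly/data'; // hypothetical absolute directory

/**
 * Resolve $filename inside $baseDir. Returns the canonical absolute path of an
 * existing regular file, or null if the request is invalid or escapes $baseDir.
 */
function safeDataPath(string $baseDir, string $filename): ?string
{
    // Accept only a bare file name: no '/' or '\', no NUL byte, not '.' or '..'.
    // This alone defeats "../" traversal and "%00" truncation tricks.
    if ($filename === '' || $filename === '.' || $filename === '..'
        || preg_match('#[/\\\\\x00]#', $filename)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory misconfigured
    }
    // realpath() also follows symlinks, so a link inside the data directory that
    // points elsewhere resolves to its real target and fails the prefix check.
    $full = realpath($base . DIRECTORY_SEPARATOR . $filename);
    if ($full === false || !is_file($full)) {
        return null; // missing, or not a regular file
    }
    // Defence in depth: the canonical path must still start with "$base/".
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

// Vulnerable pattern (the class of bug described above): the parameter is
// concatenated straight into the filesystem path.
function downloadVulnerable(string $filename): void
{
    readfile(DATAFILE_DIR . '/' . $filename); // "../../../../etc/passwd" is served
}

// Hardened download: validate, then stream the canonical path.
function downloadHardened(string $filename): void
{
    $path = safeDataPath(DATAFILE_DIR, $filename);
    if ($path === null) {
        http_response_code(400);
        exit('invalid file name');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'
        . str_replace('"', '', basename($path)) . '"');
    readfile($path);
}

// Hardened delete: the same check, then unlink(). Returns true on success.
function deleteHardened(string $filename): bool
{
    $path = safeDataPath(DATAFILE_DIR, $filename);
    return $path !== null && unlink($path);
}

// Usage inside the authenticated admin controller:
// downloadHardened((string)($_GET['filename'] ?? ''));
// deleteHardened((string)($_POST['filename'] ?? ''));
```

Rejecting separators outright is stricter than a realpath prefix check alone, and that is deliberate: an endpoint that serves files from a flat data directory never needs a subdirectory in the parameter, so the cheapest rule also removes the most attack surface. The prefix check stays in place for the symlink case, which the character filter cannot see.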
Stored cross-site scripting (XSS) in baowzh hfly up to commit 638ff9abe9078bc977c132b37acbe1900b63491c allows an authenticated attacker to inject malicious script via the /admin/index.php/advtext/add endpoint in the advtext module; the payload fires when another user later views the stored content. Public exploit code is available. The vulnerability carries a low CVSS score of 2.0 because it requires both authentication and user interaction, and the EPSS score of 0.05% indicates minimal real-world exploitation probability despite the public proof of concept.