CVE-2025-13266 | wwwlike vlife up to 2.0.1 VLifeApi SysFileApi.java create fileName path traversal

A vulnerability, which was classified as problematic, was found in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName leads to path traversal.

This vulnerability is referenced as CVE-2025-13266. It is possible to launch the attack remotely. Furthermore, an exploit is available.VulDB Recent EntriesRead More