Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by Fujian Apex
CVE-2026-7519 (GCVE-0-2026-7519)
Vulnerability from cvelistv5 – Published: 2026-05-01 00:45 – Updated: 2026-05-01 14:15
VLAI
Title
Fujian Apex LiveBOS Endpoint UploadImage.do path traversal
Summary
A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1 is recommended to address this issue. Upgrading the affected component is advised.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360333 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360333/cti | signaturepermissions-required |
| https://vuldb.com/submit/804096 | third-party-advisory |
| https://my.feishu.cn/docx/TCyMdptvaoTQCvxkHLbceJZ… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fujian Apex | LiveBOS |
Affected:
2.0
Unaffected: 2.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7519",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T14:10:52.596370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T14:15:54.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Endpoint"
],
"product": "LiveBOS",
"vendor": "Fujian Apex",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "unaffected",
"version": "2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0menc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1 is recommended to address this issue. Upgrading the affected component is advised."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T00:45:38.424Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360333 | Fujian Apex LiveBOS Endpoint UploadImage.do path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360333"
},
{
"name": "VDB-360333 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360333/cti"
},
{
"name": "Submit #804096 | FUJIAN APEX SOFTWARE CO., LTD. LiveBOS \u003c2.1 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/804096"
},
{
"tags": [
"exploit"
],
"url": "https://my.feishu.cn/docx/TCyMdptvaoTQCvxkHLbceJZCnge?from=from_copylink"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-30T18:36:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fujian Apex LiveBOS Endpoint UploadImage.do path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7519",
"datePublished": "2026-05-01T00:45:38.424Z",
"dateReserved": "2026-04-30T16:30:58.306Z",
"dateUpdated": "2026-05-01T14:15:54.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}