CVE-2026-7024— rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal

CVSS 5.4 · Medium EPSS 0.07% · P21 Updated Apr 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-7024

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

SIMS 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SIMS是RawChen个人开发者的一款学生与老师信息管理工具。 SIMS 004f783b1db5ecdfad81c8fdc3b34171211112de及之前版本存在路径遍历漏洞，该漏洞源于deleteFileServlet Endpoint组件中文件sims-master/src/web/servlet/file/DeleteFileServlet.java的filename参数操作，可能导致路径遍历。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
rawchen	sims	004f783b1db5ecdfad81c8fdc3b34171211112de	-

II. Public POCs for CVE-2026-7024

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-7024

请登录查看更多情报信息。

rawchen/sims has a Unauthorized Arbitrary File Delete Vulnerability · Issue #2 · yingxiujie/cveexploitissue-tracking
Submit #797682: sims Latest Unauthorized Arbitrary File Delete Vulnerabilitythird-party-advisory
CVE-2026-7024 | rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de deleteFileServlet Endpoint DeleteFileServlet.java filename path traversalvdb-entrytechnical-description
https://nvd.nist.gov/vuln/detail/CVE-2026-7024

IV. Related Vulnerabilities

Same vendor: rawchen

CVE-2025-15149
rawchen ecms Add New Product updateProductServlet.java updat

Same weakness: CWE-22

V. Comments for CVE-2026-7024

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-7024— rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal

I. Basic Information for CVE-2026-7024

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-7024

III. Intelligence Information for CVE-2026-7024

IV. Related Vulnerabilities

V. Comments for CVE-2026-7024

Leave a comment