Key Vulnerability Information

CVE-2025-1980
Vulnerability Type: Unrestricted Upload of File with Dangerous Type (CWE-434)
Vulnerable Versions: From 7.0.0.0 through 7.19.39.23
Description: The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, it can result in Remote Code Execution.

CVE-2025-1981
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Vulnerable Versions: From 7.0.0.0 through 7.19.39.23
Description: Improper neutralization of input provided by a low-privileged user into a file search functionality allows for SQL Injection attacks.

CVE-2025-1982
Vulnerability Type: Files or Directories Accessible to External Parties (CWE-552)
Vulnerable Versions: From 7.0.0.0 through 7.19.39.23
Description: A Local File Inclusion vulnerability allows a low-privileged user to provide a link to a local file using the file:// protocol, allowing the attacker to read the content of the file.

CVE-2025-1983
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') (CWE-79)
Vulnerable Versions: From 7.0.0.0 through 7.19.39.23
Description: A cross-site scripting (XSS) vulnerability in the File Explorer upload functionality allows injection of arbitrary JavaScript code in the filename, which is executed when a user interacts with the uploaded file.