CVE-2026-7519

HIGH

Fujian Apex LiveBOS Endpoint UploadImage.do path traversal

Title source: cna

Description

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1 is recommended to address this issue. Upgrading the affected component is advised.

References (4)

Core 4

Core References

Exploit exploit

https://my.feishu.cn/docx/TCyMdptvaoTQCvxkHLbceJZCnge?from=from_copylink

Vdb Entry, Technical Description vdb-entry technical-description

VDB-360333 | Fujian Apex LiveBOS Endpoint UploadImage.do path traversal

https://vuldb.com/vuln/360333

Signature, Permissions Required signature permissions-required

VDB-360333 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/360333/cti

Third Party Advisory third-party-advisory

Submit #804096 | FUJIAN APEX SOFTWARE CO., LTD. LiveBOS <2.1 Remote Code Execution

https://vuldb.com/submit/804096

Scores

CVSS v3 7.3

EPSS 0.0042

EPSS Percentile 33.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

Fujian Apex/LiveBOS 2.0

Fujian Apex/LiveBOS 2.1

Published May 01, 2026

Tracked Since May 01, 2026