Description
A path traversal vulnerability has been found in Fujian Apex LiveBOS up to 2.0. It affects an unknown function of the file /feed/UploadImage.do of the component Endpoint. Manipulating the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading the affected component to version 2.1 is recommended to address this issue.
Published: 2026-05-01
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the UploadImage.do endpoint of Fujian Apex LiveBOS. An attacker can supply a crafted filename parameter that causes the application to resolve paths outside the intended directory, enabling access to arbitrary files on the server. Because the vulnerability is reachable over the network, the attacker can exploit it remotely and read or potentially execute sensitive files, which may lead to further compromise.

Affected Systems

The affected product is Fujian Apex LiveBOS versions up to 2.0. The recommended fix is to upgrade the component to version 2.1 or later, which closes the path traversal flaw. Administrators should verify whether any lower versions are in use and plan an upgrade accordingly.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. No EPSS data is available, and the issue is not listed in CISA's KEV catalog. Nonetheless, the presence of a publicly disclosed exploit and remote reachability make it a realistic threat to systems exposed to the internet.

Generated by OpenCVE AI on May 1, 2026 at 23:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the LiveBOS component to version 2.1 or later.
  • Restrict external network access to the /feed/UploadImage.do endpoint if it is not required.
  • Add input validation on the filename parameter to reject any traversal characters and enforce a safe directory path.
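
One way to implement the filename validation recommended in the last item, as an added example that is not LiveBOS code and not part of the original record. It is written in Python for illustration; the function name resolve_upload_path, the exception name and the extension allow-list are assumptions.

```python
import os
import re

# Assumed policy: a bare image name, no directory part, fixed extension allow-list.
_SAFE_NAME = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}\.(?:png|jpg|jpeg|gif)", re.IGNORECASE
)


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename fails validation."""


def resolve_upload_path(upload_root: str, filename: str) -> str:
    """Return the absolute path for filename inside upload_root, or raise.

    Call this on the value the framework has already URL-decoded.
    """
    # 1. Reject separators, NUL bytes and ".." outright. Rejecting is safer
    #    than stripping: removing "../" once from "....//" leaves "../".
    #    (This also refuses harmless names such as "a..b.png".)
    if any(ch in filename for ch in ("/", "\\", "\x00")) or ".." in filename:
        raise UnsafeFilename("separator or traversal sequence in filename")

    # 2. Allow-list the remaining shape, so encoded forms ("%2e%2e%2f") and
    #    unexpected extensions never reach the filesystem layer.
    if not _SAFE_NAME.fullmatch(filename):
        raise UnsafeFilename("filename is not an allowed image name")

    # 3. Canonicalise and confirm containment. realpath() follows symlinks,
    #    so a link inside the upload directory that points elsewhere fails.
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeFilename("resolved path escapes the upload directory")
    return target


def is_accepted(upload_root: str, filename: str) -> bool:
    """Convenience wrapper for logging or tests: True if the name is accepted."""
    try:
        resolve_upload_path(upload_root, filename)
        return True
    except UnsafeFilename:
        return False
```

Logging every rejected name alongside the client address also gives defenders a signal for probing against the endpoint.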


Advisories

No advisories yet.

History

Fri, 01 May 2026 15:15:00 +0000

Values Added (no values removed):

  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 May 2026 08:45:00 +0000

Values Added (no values removed):

  • First Time appeared: Fujian Apex; Fujian Apex livebos
  • Vendors & Products: Fujian Apex; Fujian Apex livebos

Fri, 01 May 2026 01:15:00 +0000

Values Added (no values removed):

  • Description: A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1 is recommended to address this issue. Upgrading the affected component is advised.
  • Title: Fujian Apex LiveBOS Endpoint UploadImage.do path traversal
  • Weaknesses: CWE-22
  • References:
  • Metrics:
      cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
      cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
      cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
      cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-01T14:15:54.655Z

Reserved: 2026-04-30T16:30:58.306Z

Link: CVE-2026-7519

Vulnrichment

Updated: 2026-05-01T14:15:35.792Z

NVD

Status: Deferred

Published: 2026-05-01T01:16:17.910

Modified: 2026-05-01T15:26:24.553

Link: CVE-2026-7519

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T00:00:14Z
