CNNVD-202506-3327 Information

Jun 26, 2025 cve

CNNVD ID

CNNVD-202506-3327

CVE-2025-34045

CNNVD Published: 2025-06-26

Description (Chinese)

Weiphp WeiPHP是中国深圳圆梦云（Weiphp）公司的一款支持开发公众号、小程序的微信开发平台。 Weiphp WeiPHP 5.0版本存在路径遍历漏洞，该漏洞源于对文件/public/index.php/material/Material/_download_imgage中参数picUrl的错误操作,导致路径遍历攻击。

Description (English)

Weiphp WeiPHP is a Weiphp company in Shenzhen, China, that supports the development of a public sign, micro-program and micro-credit development platform. Version 5.0 of the Weiphp WeiPHP has a path-to-path loophole, which stems from a mishandling of the picUrl parameter in the file/public/index.php/technical/ download imgage, leading to a path-to-path attack.

Hazard Level

Medium

Vulnerability Type

路径遍历

Published

2025-06-26

Last Modified

2026-02-24

References

https://github.com/projectdiscovery/nuclei-templates/blob/main/ https://www.cnvd.org.cn/flaw/show/CNVD-2020-68596 https://vulncheck.com/advisories/weiphp-path-traversal-file-read https://access.redhat.com/security/cve/cve-2025-34045

Share on: