CVE-2025-34045

216.73.217.22

· Published 26/06/2025 16:15 · Modified 26/06/2025 18:57

Labels: CVE-2025-34045 2025-06-26 CVE-2025-34045 CWE-20 [email protected]

Essential information

Published: 26/06/2025 16:15
Modified: 26/06/2025 18:57
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
shenzhen yuanmengyun technology co ltd / wei php	`cpe:2.3:a:shenzhen_yuanmengyun_technology_co_ltd:wei_php:5.0:::::::*`