CVE-2025-34045

Source
https://cve.org/CVERecord?id=CVE-2025-34045
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34045.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-34045
Published
2025-06-26T15:51:37.884Z
Modified
2026-07-15T01:49:16.812753707Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
WeiPHP Path Traversal Arbitrary File Read
Details

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/34xxx/CVE-2025-34045.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/projectdiscovery/nuclei-templates

Affected ranges

Type
GIT
Repo
https://github.com/projectdiscovery/nuclei-templates
Events
Database specific
{
    "cpe": "cpe:2.3:a:weiphp:weiphp:5.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "5.0"
        },
        {
            "last_affected": "5.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ]
}

Affected versions

5.*
5.0
v5.*
v5.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34045.json"