CVE-2025-34045
Published: 2025-06-26
Priority: P1 (80), high; CVSS 3.1 base score 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploited in the wild (VulnCheck KEV)
EPSS: 4.31% (89.9th percentile)
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shenzhen_yuanmengyun_technology_co_ltd | weiphp | — | — |
| weiphp | weiphp | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring POST requests to /public/index.php/material/Material/_download_imgage with a picUrl parameter containing path traversal sequences (e.g., ../ or ./../).
- Alert on POST requests to the _download_imgage endpoint where picUrl references sensitive files such as config/database.php, which would expose database credentials.
- Successful exploitation can be confirmed by the presence of 'DB_PREFIX' in HTTP response bodies from the _download_imgage endpoint, indicating a database configuration file was read.
- Monitor for a two-stage exploitation pattern: an initial POST to _download_imgage followed by a GET to /public/index.php/home/file/user_pics and then retrieval of a file from /public/uploads/picture/.
- Exploitation of this CVE was observed in the wild by the Shadowserver Foundation on 2025-02-05 UTC; treat any matching traffic from that date onward as high-priority.
- The vulnerability is unauthenticated: no session token or credentials are required to exploit it, meaning perimeter authentication controls alone are insufficient.
- The picUrl parameter is supplied as a query-string argument on a POST request, so WAF rules must inspect the URL query string of POST requests, not just the request body.
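The detection points above, turned into an access-log scanner as an added example (this is not code from the page's sources or from WeiPHP): it flags POSTs to the endpoint whose picUrl query argument contains a traversal segment after URL decoding (double encoding included), and correlates the three-request sequence per client. The log lines, client addresses and the uploaded file name are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/public/index.php/material/Material/_download_imgage"
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")  # a bare ".." path segment
# Combined access-log format (Apache/nginx default); sample lines below are constructed.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+"')

def normalize(value: str) -> str:
    """Undo URL encoding until stable (catches %252e double encoding) and fold backslashes."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value.replace("\\", "/")

def traversal_in_picurl(method: str, target: str) -> bool:
    """picUrl travels in the query string of a POST, so the URL is inspected, not the body."""
    parts = urlsplit(target)
    if method != "POST" or normalize(parts.path) != ENDPOINT:
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("picUrl", [])
    return any(TRAVERSAL.search(normalize(v)) for v in values)

def scan(log_lines):
    """Return (client, reason) alerts: per-request traversal hits, plus clients that complete
    the sequence POST _download_imgage -> GET user_pics -> GET from /public/uploads/picture/."""
    alerts, stage = [], {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target = m["ip"], m["method"], m["target"]
        path = normalize(urlsplit(target).path)
        if traversal_in_picurl(method, target):
            alerts.append((ip, "traversal in picUrl"))
        s = stage.get(ip, 0)
        if s == 0 and method == "POST" and path == ENDPOINT:
            stage[ip] = 1
        elif s == 1 and method == "GET" and path == "/public/index.php/home/file/user_pics":
            stage[ip] = 2
        elif s == 2 and method == "GET" and path.startswith("/public/uploads/picture/"):
            stage[ip] = 3
            alerts.append((ip, "two-stage download pattern"))
    return alerts

SAMPLE_LOG = [  # constructed, not real traffic
    '203.0.113.7 - - [05/Feb/2025:10:00:01 +0000] "POST /public/index.php/material/Material/_download_imgage?picUrl=..%2F..%2Fconfig%2Fdatabase.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Feb/2025:10:00:02 +0000] "GET /public/index.php/home/file/user_pics HTTP/1.1" 200 2048',
    '203.0.113.7 - - [05/Feb/2025:10:00:03 +0000] "GET /public/uploads/picture/abc.jpg HTTP/1.1" 200 512',
    '198.51.100.4 - - [05/Feb/2025:10:05:00 +0000] "POST /public/index.php/material/Material/_download_imgage?picUrl=https%3A%2F%2Fcdn.example%2Fa.png HTTP/1.1" 200 40',
    '198.51.100.4 - - [05/Feb/2025:10:05:01 +0000] "GET /public/index.php/home/file/user_pics HTTP/1.1" 200 2048',
]
```

Running `scan(SAMPLE_LOG)` yields two alerts for 203.0.113.7 and none for 198.51.100.4, whose picUrl is an ordinary remote image and whose sequence never reaches the upload directory.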
CVSS provenance
- NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- NVD, CVSS v4.0: 8.7 HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- VulnCheck: 8.7 HIGH
GHSA
GHSA-r2vv-r3xx-x6mh (ghsa_unreviewed, 2025-06-26): CVE-2025-34045, severity HIGH, CWE-20. Title: "A path traversal vulnerability exists in WeiPHP 5" (truncated in the source). The advisory text repeats the description given above, without the Shadowserver sentence.
VulnCheck
weiphp weiphp Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (vulncheck, 2025, CVSS 8.7, HIGH). The record text repeats the description given above.
Affected: Shenzhen Yuanmengyun Technology Co., Ltd WeiPHP
Required Action
No detection rules found.
Nuclei
WeiPHP 5.0 - Path Traversal (nuclei, CVSS 8.7, HIGH)
WeiPHP 5.0 contains a path traversal caused by insufficient input validation of the picUrl parameter in /public/index.php/material/Material/_download_imgage, letting unauthenticated remote attackers read arbitrary files.
Template (truncated in the source):

```yaml
id: CVE-2025-34045

info:
  name: WeiPHP 5.0 - Path Traversal
  author: pikpikcu
  severity: high
  description: |
    WeiPHP 5.0 contains a path traversal caused by insufficient input validation of the picUrl parameter in /public/index.php/material/Material/_download_imgage, letting unauthenticated remote attackers read arbitrary files.
  impact: |
    Unauthenticated attackers can read arbitrary files including database configuration files through path traversal in the picUrl parameter, potentially exposing sensitive credentials.
  remediation: |
    Upg
```
No writeups or analysis indexed.