CVE-2025-34045 Scanner

WeiPHP is an open-source content management system that is popular among developers for building custom applications on top of its robust PHP framework. It is widely used in building websites that require flexible template systems and modular extensions. The platform is suitable for small to medium-sized businesses aiming to establish a professional online presence. Moreover, developers use WeiPHP to create and manage dynamic content and user interactions on websites. The system utilizes a comprehensive admin panel, allowing users to easily manage and deploy web applications. This software's versatility makes it beneficial for a range of web development needs.

Path Traversal vulnerability allows attackers to access arbitrary files on a server by manipulating file references in the application's inputs. This specific vulnerability in WeiPHP 5.0 arises from inadequate validation of the 'picUrl' parameter, enabling unauthorized file access. By exploiting this flaw, attackers can potentially uncover sensitive configuration files or user data. The vulnerability could be leveraged to disclose information that compromises system integrity and security. This security issue can be particularly severe when exposed to the internet, increasing the risk of exploitation. The vulnerability underscores the need for stringent input validation and error handling.

This vulnerability is primarily found in the picUrl parameter of the file retrieval functionality. Attackers can craft requests with arbitrary file paths to access unauthorized directories and files on the server. The vulnerable endpoint in question is '/public/index.php/material/Material/_download_imgage'. This flaw highlights a failure to properly sanitize and validate user-supplied input, which is a common pitfall in web applications. Additionally, the vulnerability can be triggered via unauthenticated POST and GET requests. The potential for remote exploitation warrants immediate attention to remediate the risk.

If exploited, this vulnerability can lead to significant data breaches, exposing sensitive application and user data. It could potentially allow attackers to gain insights into system architecture via accessed configuration files. Moreover, such access could aid in further system exploitation, leading to privilege escalation or data manipulation. The integrity of the web application could be severely compromised, adversely affecting user trust and system reliability. Businesses may suffer reputational and financial damages as a consequence of unauthorized access. Therefore, addressing this vulnerability is critical for maintaining security and protecting data assets.

REFERENCES

• http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
• https://vulncheck.com/advisories/weiphp-path-traversal-file-read