Pichome 2.1.0 - Arbitrary File Read
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
VulnCheck KEV: CVE-2025-1743
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
EUVD-2025-14891
Malicious code in bioql PyPI...
EUVD-2025-7412
Malicious code in bioql PyPI...
Arbitrary File Read Vulnerability in PicHome of Beijing Qiaoqiao Times Network Technology Co.
PicHome is an image display portal, image search engine for the Ouatto document system. Beijing Qiaoqiao Times Network Technology Co., Ltd PicHome has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2024-24393
File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request...
CVE-2025-44024
A Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process...
CVE-2025-44024
A Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process...
CVE-2025-44024
A Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process...
CVE-2025-44024
The CVE-2025-44024 entry concerns the Pichome system (v2.1.0 and earlier) with an XSS flaw in the login form caused by insufficient input sanitization. The vulnerable component is the login process where attacker-controlled inputs in the username or password fields can inject malicious JavaScript...
Pichome Cross-Site Scripting Vulnerability
Pichome is a powerful open source web hosting program for image and media file management by individual developer zyx0814. A security vulnerability exists in Pichome 2.1.0 and prior versions, which stems from insufficient cleaning of user input in the login form and could lead to a cross-site...
PT-2025-21236 · Pichome · Pichome
Name of the Vulnerable Software and Affected Versions: Pichome system versions prior to 2.1.0. Description: A Cross-Site Scripting (XSS) issue was found due to insufficient sanitization of user input in the login form. This allows an attacker to inject malicious JavaScript code into the username or...
CVE-2025-44024
A Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process...
CVE-2025-44024
A Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process...
CVE-2025-1743
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2025-1743
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2025-1743 zyx0814 Pichome index.php path traversal
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2025-1743
CVE-2025-1743 affects zyx0814 Pichome 2.1.0. A path traversal flaw exists in the /index.php?mod=textviewer endpoint via the src parameter, enabling remote access to read files. The connected nuclei template confirms this is a critical vulnerability described as arbitrary file read with remote ini...
CVE-2025-1743 zyx0814 Pichome index.php path traversal
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
Pichome Path Traversal Vulnerability
Pichome is a powerful open source website program for image and media file management by individual developer zyx0814. A path traversal vulnerability exists in Pichome version 2.1.0, which stems from the parameter src in the file /index.php?mod=textviewer, which can lead to path traversal...