
10 matches found

VulnCheck KEV
added 2025/06/26 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2025-34045

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...

CVSS 8.7 · AI score 6 · EPSS 0.28086
In wild · Exploits 1 · References 34
CNNVD
added 2025/06/26 12:0 a.m. · 2 views

Weiphp WeiPHP path traversal vulnerability

Weiphp WeiPHP is a WeChat development platform from China's Shenzhen Yuanmeng Yun Weiphp company that supports the development of public accounts and mini programs. Weiphp WeiPHP version 5.0 has a path traversal vulnerability; the vulnerability stems from the file...

CVSS 8.7 · AI score 6.5 · EPSS 0.28086
Exploits 1 · References 4
CNVD
added 2024/03/14 12:0 a.m. · 46 views

PHPEMS deserialization vulnerability (CNVD-2024-13536)

PHPEMS is a PHP online mock exam system. PHPEMS has a deserialization vulnerability. It arises in the function index in app/weixin/controller/index.api.php, which an attacker can exploit to cause deserialization via the parameter picurl...

CVSS 9.8 · AI score 6.8 · EPSS 0.00073
Exploits 0 · References 1
OSV
added 2024/02/09 1:15 a.m. · 1 views

CVE-2024-1353

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

CVSS 9.8 · AI score 5.3 · EPSS 0.00073
Exploits 0 · References 3
Prion
added 2024/02/09 1:15 a.m. · 12 views

Deserialization of untrusted data

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

CVSS 5.8 · AI score 7.3 · EPSS 0.00073
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/02/09 12:31 a.m. · 14 views

CVE-2024-1353 PHPEMS index.api.php index deserialization

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

CVSS 6.3 · AI score 9.7 · EPSS 0.00073
Exploits 0 · References 3
CVE
added 2024/02/09 12:31 a.m. · 64 views

CVE-2024-1353

PHPEMS up to version 1.0 is affected by CVE-2024-1353. The vulnerability resides in the index function of app/weixin/controller/index.api.php, where manipulating the picurl argument leads to deserialization. The issue is publicly disclosed and exploitable per the sources in the connected document...

CVSS 9.8 · AI score 9.4 · EPSS 0.00073
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/02/09 12:0 a.m. · 3 views

PHPEMS code issue vulnerability

PHPEMS is a PHP online mock exam system. PHPEMS has a deserialization vulnerability. It arises in the function index in app/weixin/controller/index.api.php, which an attacker can exploit to cause deserialization via the parameter picurl...

CVSS 9.8 · AI score 7 · EPSS 0.00073
Exploits 0 · References 4
Positive Technologies
added 2024/02/08 12:0 a.m. · 2 views

PT-2024-17966 · Phpems · Phpems

Name of the Vulnerable Software and Affected Versions: PHPEMS versions up to 1.0. Description: A critical issue has been found in the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The issue has been disclosed to th...

CVSS 9.8 · AI score 6.7 · EPSS 0.00073
Exploits 0 · References 6
seebug.org
added 2014/07/23 12:0 a.m. · 39 views

Phpyun design flaw leads to arbitrary file deletion, which can lead to reinstall getshell or injection

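Brief description: A design flaw can lead to arbitrary file deletion. Deleting the lock makes a direct reinstall possible, which leads straight to getshell. Or deleting a certain file also makes injection possible. It can also lead to breaking SQL statements. P.S. It is past 1 o'clock again, and tomorrow I will again be unable to pay attention in class. July 23, 2014, 01:30:01. Happy new day. Detailed description: Still the latest version downloaded from the official site. In model/ajax.class.php: function deluploadaction if!$this-uid && !$this-username && $COOKIE"usertype"!=2 echo 0;die; else $dir=$POSTstr0; $isuser =...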

AI score 7
Exploits 0