Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
WeiPHP 5.0 does not properly restrict access to pages, related to using POST.
AnalysisAI
WeiPHP 5.0 does not properly restrict access to pages, related to using POST. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
WeiPHP 5.0 does not properly restrict access to pages, related to using POST. Affected products include: Weiphp.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework
SQL injection vulnerability in the wp_where function in WeiPHP 5.0. Rated critical severity (CVSS 9.8), this vulnerabili
WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee. Ra
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today