Weiphp
By the Year
In 2026 there have been 0 vulnerabilities in Weiphp. Last year, in 2025, Weiphp had 2 security vulnerabilities published. Right now, Weiphp is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 8.65 |
It may take a day or so for new Weiphp vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Weiphp Security Vulnerabilities
WeiPHP 5.0 Path Traversal in Material/_download_imgage (picUrl)
CVE-2025-34045
- June 26, 2025
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
Directory traversal
SQLi in Fanwei e-Cology 8.0 via getdata.jsp sql param
CVE-2025-34038
- June 24, 2025
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
SQL Injection
WeiPHP 5.0 does not properly restrict access to pages
CVE-2020-20299
7.5 - High
- December 18, 2020
WeiPHP 5.0 does not properly restrict access to pages, related to using POST.
Information Disclosure
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
CVE-2020-20300
9.8 - Critical
- December 18, 2020
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
SQL Injection