PT-2025-8978 · Unknown · Zyx0814 Pichome
Sheratan
·
Published
2025-02-27
·
Updated
2025-05-15
·
CVE-2025-1743
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
zyx0814 Pichome version 2.1.0
Description
A critical issue was found in the software, affecting the /index.php?mod=textviewer endpoint. The manipulation of the
src argument leads to path traversal. This issue can be exploited remotely.Recommendations
For version 2.1.0, as a temporary workaround, consider restricting access to the /index.php?mod=textviewer endpoint until a patch is available. Avoid using the
src argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zyx0814 Pichome