关联漏洞
标题:Pichome 路径遍历漏洞 (CVE-2025-1743)Description:Pichome是zyx0814个人开发者的一款图片与媒体文件管理功能强大的开源网盘程序。 Pichome 2.1.0版本存在路径遍历漏洞,该漏洞源于文件/index.php?mod=textviewer的参数src会导致路径遍历。
Description
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
文件快照
id: CVE-2025-1743
info:
name: Pichome 2.1.0 - Arbitrary File Read
author: 3th1c_yuk1
severity
...
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →