CVE-2025-47423 PoC — Personal Weather Station Dashboard 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-47423.yaml

Associated Vulnerability

Title:Personal Weather Station Dashboard 安全漏洞 (CVE-2025-47423)
Description:Personal Weather Station Dashboard（PWS_Dashboard）是PWS_Dashboard开源的一个数据丰富的天气仪表板。 Personal Weather Station Dashboard存在安全漏洞，该漏洞源于/test.php中目录遍历漏洞，可能导致读取任意文件。

Description

Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.

File Snapshot


 id: CVE-2025-47423

info:
  name: Personal Weather Station Dashboard 12 - Directory Traversal
  auth

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!