CVE Catalog

CVE-2018-25365

High
Published: Translated: NVD NIST

Summary

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.

Risk Assessment

This vulnerability poses a risk of exposing sensitive system data, which could lead to further attacks on the organization's infrastructure. Reading files such as /etc/passwd may allow attackers to gain information about system users.

Recommendation

It is recommended to update PCViewer vt1000 to the latest version that fixes this vulnerability. Additionally, implementing security mechanisms such as input validation is advisable to prevent the exploitation of directory traversal sequences.

Original NVD description (English source)

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS