Описание
Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.
EPSS
Процентиль: 77%
0.01034
Низкий
5.8 Medium
CVSS3
Дефекты
CWE-24
Связанные уязвимости
CVSS3: 5.8
github
9 месяцев назад
Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.
EPSS
Процентиль: 77%
0.01034
Низкий
5.8 Medium
CVSS3
Дефекты
CWE-24