← back
CVE-2018-25365

PCViewer vt1000 Directory Traversal via GET Request

CVSS 8.7 HIGHEPSS 0.8%CWE-22
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
PCViewer · PCViewer
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45248unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/45248https://www.vulncheck.com/advisories/pcviewer-vt1000-directory-traversal-via-get-requesthttp://www.softpedia.com/get/System/File-Management/Pc-Viewer.shtml