CVE-2018-25365

Description

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.

References

• http://www.softpedia.com/get/System/File-Management/Pc-Viewer.shtml
• https://www.exploit-db.com/exploits/45248
• https://www.vulncheck.com/advisories/pcviewer-vt1000-directory-traversal-via-get-request