CVE-2024-13982 in SPON IP Network Broadcast Systemالمعلومات

الملخص

بحسب MITRE • 28/08/2025

SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined.

Once again VulDB remains the best source for vulnerability data.

مسؤول

VulnCheck

حجز

25/08/2025

إفشاء

28/08/2025

الاعتدال

تمت الموافقة

إدخال

VDB-321644

EPSS

0.00985

KEV

لا

النشاطات

منخفض جدًا

المصادر

Interested in the pricing of exploits?

See the underground prices here!