An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.tenable.com/security/research/tra-2022-07 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: tenable
Published: 2022-03-11T17:54:38
Updated: 2024-08-03T04:36:06.443Z
Reserved: 2022-02-15T00:00:00
Link: CVE-2022-25216
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-11T18:15:40.160
Modified: 2022-03-21T16:42:27.790
Link: CVE-2022-25216
Redhat
No data.