SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined.
Metrics
Affected Vendors & Products
References
History
Thu, 28 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 27 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined. | |
Title | SPON IP Network Intercom System rj_get_token.php Arbitrary File Read | |
Weaknesses | CWE-200 CWE-22 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-08-28T14:49:44.654Z
Reserved: 2025-08-25T19:58:34.668Z
Link: CVE-2024-13982

Updated: 2025-08-28T14:21:32.052Z

Status : Awaiting Analysis
Published: 2025-08-27T22:15:33.610
Modified: 2025-08-29T16:24:09.860
Link: CVE-2024-13982

No data.

No data.