CVE-2025-47423

MEDIUM Year: 2025
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-24
View all →

Vulnerability Description

Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.

Related Vulnerabilities

CVE-2023-20098

MEDIUM
CVSS:6.0(Medium)

A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversa...

CWE-242023

CVE-2021-3710

MEDIUM
CVSS:5.5(Medium)

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions pr...

CWE-242021

CVE-2023-7041

MEDIUM
CVSS:5.4(Medium)

A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. ...

CWE-242023

CVE-2024-3218

MEDIUM
CVSS:5.4(Medium)

A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The m...

CWE-242024

CVE-2023-4171

MEDIUM
CVSS:5.3(Medium)

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. T...

CWE-242023

CVE-2023-7098

MEDIUM
CVSS:5.3(Medium)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the...

CWE-242023