Keepb1Lue

Name of the Vulnerable Software and Affected Versions: SPON IP Network Broadcast System (affected versions not specified) Description: SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read flaw. The issue stems from inadequate input validation on the `jsondata[url]` parameter within the `/rj get token.php` endpoint. This allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.