Unknown · Pws Personal Weather Station Dashboard · CVE-2025-47423
**Name of the Vulnerable Software and Affected Versions**
Personal Weather Station Dashboard version 12 lts
**Description**
The issue allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the `test` parameter to "/others/ test.php". This can be exploited to read sensitive files, such as the server's private SSL key in cleartext.
**Recommendations**
For Personal Weather Station Dashboard version 12 lts, restrict access to the "/others/ test.php" endpoint to prevent directory traversal attacks, and avoid using the `test` parameter until the issue is resolved.