CVE-2022-25216

Name of the Vulnerable Software and Affected Versions DVDFab 12 Player (recently renamed PlayerFab) versions not specified

Description An absolute path traversal issue allows a remote attacker to download any file on the Windows file system for which the user account running the software has read-access. This can be achieved by sending an HTTP GET request to the "http://:32080/download/" endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.