PT-2025-50245 · Unknown · Stvs Provision
Published: 2025-12-09 · Updated: 2026-02-13
CVE-2021-47724
CVSS v4.0: 7.1 (High)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
STVS ProVision version 5.9.10
Description
An authenticated attacker can access arbitrary files. This is possible by manipulating the 'files' parameter within the archive download functionality. Attackers can send GET requests to the '/archive/download' endpoint with directory traversal sequences to read sensitive system files, such as /etc/passwd.
Recommendations
Apply updates to address the path traversal issue in the archive download functionality. As a temporary workaround, restrict access to the '/archive/download' endpoint.
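To check whether the endpoint has already been abused while the update is pending, the following added example (not part of the advisory and not vendor code) scans web access logs for GET requests to '/archive/download' whose 'files' parameter still contains a '..' path segment after repeated URL decoding. The access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT = "/archive/download"   # endpoint named in the advisory
PARAM = "files"                  # parameter named in the advisory

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (e.g. %252e%252e), up to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/")

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each flagged request to ENDPOINT."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match or match.group("method") != "GET":
            continue
        target = urlsplit(match.group("target"))
        if target.path.rstrip("/") != ENDPOINT:
            continue
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == PARAM and is_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - op1 [09/Dec/2025:10:00:01 +0000] "GET /archive/download?files=rec_0001.mp4 HTTP/1.1" 200 5120',
    '192.0.2.44 - op2 [09/Dec/2025:10:02:13 +0000] "GET /archive/download?files=../../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.44 - op2 [09/Dec/2025:10:02:40 +0000] "GET /archive/download?files=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 0',
    '192.0.2.10 - op1 [09/Dec/2025:10:05:00 +0000] "GET /status?files=../x HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: files={value}")
```

A flagged request that returned status 200 is the one to investigate first, since the response may have contained the file.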
Path traversal
Affected Products
Stvs Provision