CVE-2019-25352

Name of the Vulnerable Software and Affected Versions Crystal Live HTTP Server version 6.01

Description Crystal Live HTTP Server version 6.01 contains a directory traversal flaw. Remote attackers can exploit this to access system files by manipulating URL path segments. Specifically, attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files, including Windows system files. The API endpoint is susceptible to manipulation through the URL path. The vulnerable parameter is the path segment within the URL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.