CVE-2019-25333

Name of the Vulnerable Software and Affected Versions Bullwark Momentum Series JAWS version 1.0

Description The software contains a directory traversal issue that permits unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit this by sending specially crafted GET requests containing multiple '../' sequences to read sensitive files, such as /etc/passwd, located outside the web root directory. The API endpoint is susceptible to manipulation through HTTP request paths. The vulnerable parameter is the HTTP request path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.