CVE-2024-13982
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-11-20
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| spon_communications | spon_ip_network_intercom_broadcasting_system | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SPON IP Network Broadcast System's rj_get_token.php endpoint, where insufficient input validation on the jsondata[url] parameter allows an attacker to perform directory traversal. This means an unauthenticated remote attacker can send a specially crafted POST request to read arbitrary files on the server, potentially accessing sensitive information such as system configuration, credentials, or internal logic.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to unauthorized disclosure of sensitive files on the server, including system configurations and credentials. This can compromise the security of the affected system, potentially allowing attackers to gain further access or disrupt services.