|
| Description: | | Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext. |
|
| Impact: | | When the file operation function in the application that does not filter the file path effectively, an attacker can import the path of a file which contains malicious code, causing a file inclusion vulnerability and executing malicious code. |
|
| Affected OS: | | Windows, Linux, Others |
|
| Reference: | | https://github.com/haluka92/CVE-2025-47423
https://pwsdashboard.com/
|
|