CVE-2024-13982 - SPON IP Network Broadcast System Arbitrary File Read Vulnerability
CVE ID : CVE-2024-13982
Published : Aug. 27, 2025, 10:15 p.m. | 48 minutes ago
Description : SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Aug. 27, 2025, 10:15 p.m. | 48 minutes ago
Description : SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...