CVE-2025-43928

CRITICAL Year: 2025
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-24
View all →

Vulnerability Description

In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.

Related Vulnerabilities

CVE-2023-1800

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Uplo...

CWE-242023

CVE-2023-3056

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedi...

CWE-242023

CVE-2023-3057

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument...

CWE-242023

CVE-2023-7058

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the ...

CWE-242023

CVE-2023-7134

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path...

CWE-242023

CVE-2024-0416

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth...

CWE-242024