Back to search
CVE-2021-47724
Published: Dec 9, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.
| Vendor | Product | Versions |
|---|---|---|
STVS SA | STVS ProVision | affected 5.9.10 (build 2885-3a8219a) |
Weaknesses (CWE)
References
ExploitDB-49481
exploit
Zero Science Lab Disclosure (ZSL-2021-5623)
third-party-advisory
Reference
third-party-advisory
VulnCheck Advisory: STVS ProVision Authenticated File Disclosure via archive.rb
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now