QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34126

Published: Jul 16, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This can lead to disclosure of sensitive information.

Vendor	Product	Versions
RIPS Technologies	RIPS Scanner	affected `0.54`

Weaknesses (CWE)

References

https://codesec.blogspot.com/2015/03/rips-scanner-v-054-local-file-include.html

third-party-advisory

exploit

https://www.exploit-db.com/exploits/18660

exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/rips_traversal.rb

exploit

https://rips-scanner.sourceforge.net/

product

https://www.vulncheck.com/advisories/rips-scanner-path-traversal

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.