CVE-2019-25352

HIGH WAF: High

CVSS 7.5 Published: 2026-02-18

CWE-22

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.

WAF Coverage Analysis

Path Traversal High WAF Coverage

OWASP: A01:2021 Broken Access Control

930xxx - Local File Inclusion

References

web.archive.org
www.exploit-db.com
www.genivia.com
www.vulncheck.com

Back to CVE Database