CVE-2021-47724

UNKNOWN 0.0

STVS ProVision Authenticated File Disclosure via archive.rb

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.

CWE	CWE-22
Vendor	stvs sa
Product	stvs provision
Published	Dec 9, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for stvs sa stvs provision

Be the first to know when new unknown vulnerabilities affecting stvs sa stvs provision are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

STVS SA / STVS ProVision

5.9.10 (build 2885-3a8219a)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49481 zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5623.php stvs.ch: http://www.stvs.ch vulncheck.com: https://www.vulncheck.com/advisories/stvs-provision-authenticated-file-disclosure-via-archiverb

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab