airVision NVR path Parameter Traversal Arbitrary File Access

The remote web server hosts airVision NVR, an application used to remotely monitor IP cameras. The installed version of airVision NVR fails to properly sanitize user-supplied input to the 'path' parameter of the 'views/file.php' script. This could allow an unauthenticated, remote attacker to read...