CVE-2012-5972

SpecView < 2.5 Build 853 - Path Traversal via URI

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5972. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The document describes a directory traversal vulnerability in SpecView's web server component, allowing remote attackers to access arbitrary files on the system. The exploit is demonstrated via URL manipulation using multiple dot sequences.

Description

Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textwebappswindows
https://www.exploit-db.com/exploits/19455

The document describes a directory traversal vulnerability in SpecView's web server component, allowing remote attackers to access arbitrary files on the system. The exploit is demonstrated via URL manipulation using multiple dot sequences.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: SpecView <= 2.5 build 853
No auth needed
Prerequisites: Web server option enabled in SpecView
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

EPSS 0.0481
EPSS Percentile 90.9%

Details

CWE
CWE-22 CWE-23
Status published
Products (2)
specview/specview < 2.5
SpecView/SpecView < 2.5 Build 853
Published Jan 17, 2013
Tracked Since Feb 18, 2026