Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Centova Cast 3.2.11 allows attackers to download system files
CVE-2019-25351
Summary
An attacker who has already logged in to a Centova Cast server can use a special request to download sensitive system files, such as password files, potentially revealing confidential information. This is a serious issue, as it allows unauthorized access to sensitive data. Centova Cast users should update to the latest version to fix this vulnerability.
Original title
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the...
Original description
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
nvd CVSS3.1
8.8
nvd CVSS4.0
7.1
Vulnerability type
CWE-862
Missing Authorization
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026