CVE-2018-25311

Sažetak

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.

Reference

https://www.exploit-db.com/exploits/44386
https://www.vulncheck.com/advisories/videoflow-digital-video-protection-dvp-10-authenticated-directory-traversal-x-prototype-version
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

29-04-2026 - 21:22

Objavljeno

29-04-2026 - 20:16