CVE-2019-25256

VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

CVSS 7.1 HIGHEPSS 0.5%CWE-22

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

VideoFlow Ltd. · Digital Video Protection DVP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/44386 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php http://www.video-flow.com