CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

CVSS 7.1 HIGHEPSS 0.6%CWE-22

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

VideoFlow Ltd. · VideoFlow Digital Video Protection

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/44386no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.exploit-db.com/exploits/44386 https://www.vulncheck.com/advisories/videoflow-digital-video-protection-dvp-10-authenticated-directory-traversal-x-prototype-version https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php