CVE-2019-25256

VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

CVSS 7.1 HIGHEPSS 0.5%CWE-22

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

VideoFlow Ltd. · Digital Video Protection DVP

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.exploit-db.com/exploits/44386 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php http://www.video-flow.com