CVE-2019-25256

VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

CVSS 7.1 HIGHEPSS 0.5%CWE-22

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

VideoFlow Ltd. · Digital Video Protection DVP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.exploit-db.com/exploits/44386 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php http://www.video-flow.com