CVE-2018-25311

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.

Vulnerability Details

Published Date

April 29, 2026

Last Modified

April 29, 2026

CWE ID

CWE-22

Source

NVD

Vendor

VideoFlow Ltd.

Product

VideoFlow Digital Video Protection

External References

https://www.exploit-db.com/exploits/44386
https://www.vulncheck.com/advisories/videoflow-digital-video-protection-dvp-10-authenticated-directory-traversal-x-prototype-version
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php

CVE-2018-25311

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment