CVE-2018-25181
Received Received - Intake
Path Traversal in Musicco 2.0.0 Allows Arbitrary Directory Download

Publication date: 2026-03-06

Last updated on: 2026-03-06

Assigner: VulnCheck

Description
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system directories and download them as ZIP files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25181
EUVD
EUVD-2018-21636
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
musicco musicco to 2.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2018-25181 is a path traversal vulnerability in Musicco version 2.0.0 that allows unauthenticated attackers to download arbitrary directories from the server.'}, {'type': 'paragraph', 'content': "The vulnerability occurs because the application accepts a 'parent' parameter in the getAlbum endpoint, which specifies a directory path. This parameter is not properly validated or sanitized, allowing attackers to include directory traversal sequences (like '../../') to access directories outside the intended scope."}, {'type': 'paragraph', 'content': 'When exploited, the server creates a ZIP archive of the specified directory and serves it as a downloadable file, enabling attackers to obtain sensitive system files and directories.'}] [1, 2]

Impact Analysis

This vulnerability can have serious security impacts because it allows attackers to access and download arbitrary directories on the server without any authentication.

  • Attackers can obtain sensitive system files and configuration data that may contain confidential information.
  • Exposure of sensitive data can lead to further attacks, such as privilege escalation or system compromise.
  • Since the vulnerability does not require authentication, it can be exploited remotely by anyone aware of the flaw.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to exploit the path traversal flaw in the getAlbum endpoint by sending specially crafted HTTP GET requests that include directory traversal sequences in the parent parameter.'}, {'type': 'paragraph', 'content': 'For example, you can use curl or similar tools to send requests that try to download directories outside the intended scope and observe if the server returns ZIP files containing those directories.'}, {'type': 'list_item', 'content': 'curl -v "http://[target]/[PATH]/?getAlbum&parent=../../../../etc&album=passwd" -o passwd.zip'}, {'type': 'list_item', 'content': 'curl -v "http://[target]/[PATH]/?getAlbum&parent=../../../../Efe_S1/apache/conf&album=Efe" -o Efe.zip'}, {'type': 'paragraph', 'content': 'If the server responds with a ZIP file containing files from the specified directory, it confirms the presence of the vulnerability.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting or disabling access to the vulnerable getAlbum endpoint until a patch or fix is applied.'}, {'type': 'paragraph', 'content': 'You should also implement input validation and sanitization on the parent parameter to prevent directory traversal sequences such as "../" from being processed.'}, {'type': 'paragraph', 'content': 'If possible, update or patch the Musicco application to a version where this vulnerability is fixed.'}, {'type': 'paragraph', 'content': 'Additionally, monitor access logs for suspicious requests containing directory traversal patterns and block or alert on such attempts.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25181. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart