CVE-2018-25311
Authenticated Directory Traversal in VideoFlow DVP 2.10
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| videoflow | digital_video_protection | 2.10 |
| videoflow | digital_video_protection | up to 2.10 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive files on the affected system. An authenticated attacker can exploit it to read arbitrary files, including critical system files such as /etc/passwd.
The impact includes compromising the confidentiality of sensitive information stored on the server, which could be used for further attacks or to gain deeper access to the system.
Can you explain this vulnerability to me?
This vulnerability exists in VideoFlow Digital Video Protection DVP version 2.10 and is an authenticated directory traversal flaw. It allows attackers who have valid credentials to exploit the ID parameter by injecting path traversal sequences. This enables them to access and disclose arbitrary files on the system.
Specifically, attackers can send crafted requests to certain scripts such as downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive system files. An attacker with valid credentials can exploit it to read critical files such as /etc/passwd, which may contain user account information.
Such information disclosure can aid attackers in further compromising the system, escalating privileges, or gaining deeper access, potentially leading to broader security breaches.
Can you explain this vulnerability to me?
CVE-2018-25311 is an authenticated directory traversal vulnerability in VideoFlow Digital Video Protection (DVP) version 2.10. It allows attackers who have valid authentication to inject path traversal sequences into the 'ID' parameter of certain Perl CGI scripts (such as downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl). Because the application does not properly validate or sanitize this input, attackers can manipulate the file path to access and disclose arbitrary files on the server.
This means an authenticated attacker can craft requests that include directory traversal payloads (e.g., "../../../../etc/passwd") to read sensitive system files like /etc/passwd, which normally should not be accessible. The vulnerability arises from the scripts using the 'ID' parameter directly to open and serve files without proper checks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending authenticated HTTP requests to the affected Perl CGI scripts with directory traversal payloads in the 'ID' parameter and observing if arbitrary files are disclosed.
- Send a crafted HTTP request to scripts such as downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with the 'ID' parameter containing traversal sequences like '../../../../etc/passwd'.
- Use curl or similar tools with a valid session cookie to test the vulnerability, for example: curl -b 'session_cookie=value' 'http://target/downloadsys.pl?ID=../../../../etc/passwd'
- Monitor HTTP responses for disclosure of sensitive files such as /etc/passwd.
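For the monitoring side, the same condition can be checked passively in the web server's access log. The following is an added example, not code from the advisory or the vendor: it flags logged requests to the five listed scripts whose 'ID' parameter resolves to a traversal path, including nested percent-encoding. It assumes Common/Combined Log Format and that the parameter arrives in the query string; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script names as listed in the advisory text above.
SCRIPTS = {"downloadsys.pl", "download_xml.pl", "download.pl",
           "downloadmib.pl", "downloadFile.pl"}
# Assumed log layout: Common/Combined Log Format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding such as %252e%252e (bounded passes)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(id_value):
    """True for an absolute path, a '..' path segment, or an embedded NUL."""
    path = fully_decode(id_value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/") or "\x00" in path

def scan(lines):
    """Return one finding per logged request whose ID leaves its directory."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, when, target, status = m.groups()
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1]
        if script not in SCRIPTS:
            continue
        # parse_qs already removes one layer of percent-encoding.
        for value in parse_qs(url.query).get("ID", []):
            if is_traversal(value):
                findings.append({"client": client, "time": when, "script": script,
                                 "id": fully_decode(value),
                                 "served": status == "200"})  # 200: triage first
    return findings

# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2026:10:00:01 +0000] "GET /downloadsys.pl?ID=../../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.10 - - [29/Apr/2026:10:00:05 +0000] "GET /download.pl?ID=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 199',
    '192.0.2.44 - - [29/Apr/2026:10:02:11 +0000] "GET /download_xml.pl?ID=config_backup.xml HTTP/1.1" 200 5120',
    '192.0.2.44 - - [29/Apr/2026:10:03:00 +0000] "GET /index.pl?ID=../x HTTP/1.1" 404 0',
]
```

Requests that carry the parameter in a POST body do not appear in a standard access log, so a clean result here does not rule out exploitation attempts.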
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable scripts to trusted users only and ensuring that authentication mechanisms are properly enforced.
Additionally, input validation should be implemented to sanitize the 'ID' parameter to prevent directory traversal sequences.
If possible, apply patches or updates provided by the vendor to fix the vulnerability.
As a temporary measure, consider disabling or restricting access to the affected Perl CGI scripts (downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, downloadFile.pl) until a fix is applied.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated attackers to disclose arbitrary files, including sensitive system files such as /etc/passwd, by exploiting directory traversal in the VideoFlow Digital Video Protection (DVP) 2.10 software. This unauthorized disclosure of sensitive information can compromise confidentiality.
Such unauthorized access and disclosure of sensitive data could potentially lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive and personal data from unauthorized access and breaches.