CVE-2018-25311
Deferred Deferred - Pending Action
Authenticated Directory Traversal in VideoFlow DVP 2.10

Publication date: 2026-04-29

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25311
EUVD
EUVD-2018-21832
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
videoflow digital_video_protection 2.10
videoflow digital_video_protection to 2.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in VideoFlow Digital Video Protection DVP version 2.10 and is an authenticated directory traversal flaw. It allows attackers who have valid credentials to exploit the ID parameter by injecting path traversal sequences. This enables them to access and disclose arbitrary files on the system.

Specifically, attackers can send crafted requests to certain scripts such as downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive system files. An attacker with valid credentials can exploit it to read critical files such as /etc/passwd, which may contain user account information.

Such information disclosure can aid attackers in further compromising the system, escalating privileges, or gaining deeper access, potentially leading to broader security breaches.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive files on the affected system. An authenticated attacker can exploit it to read arbitrary files, including critical system files such as /etc/passwd.

The impact includes compromising the confidentiality of sensitive information stored on the server, which could be used for further attacks or to gain deeper access to the system.

Executive Summary

CVE-2018-25311 is an authenticated directory traversal vulnerability in VideoFlow Digital Video Protection (DVP) version 2.10. It allows attackers who have valid authentication to inject path traversal sequences into the 'ID' parameter of certain Perl CGI scripts (such as downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl). Because the application does not properly validate or sanitize this input, attackers can manipulate the file path to access and disclose arbitrary files on the server.

This means an authenticated attacker can craft requests that include directory traversal payloads (e.g., "../../../../etc/passwd") to read sensitive system files like /etc/passwd, which normally should not be accessible. The vulnerability arises from the scripts using the 'ID' parameter directly to open and serve files without proper checks.

Detection Guidance

This vulnerability can be detected by sending authenticated HTTP requests to the affected Perl CGI scripts with directory traversal payloads in the 'ID' parameter and observing if arbitrary files are disclosed.

  • Send a crafted HTTP request to scripts such as downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with the 'ID' parameter containing traversal sequences like '../../../../etc/passwd'.
  • Use curl or similar tools with a valid session cookie to test the vulnerability, for example: curl -b 'session_cookie=value' 'http://target/downloadsys.pl?ID=../../../../etc/passwd'
  • Monitor HTTP responses for disclosure of sensitive files such as /etc/passwd.
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable scripts to trusted users only and ensuring that authentication mechanisms are properly enforced.

Additionally, input validation should be implemented to sanitize the 'ID' parameter to prevent directory traversal sequences.

If possible, apply patches or updates provided by the vendor to fix the vulnerability.

As a temporary measure, consider disabling or restricting access to the affected Perl CGI scripts (downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, downloadFile.pl) until a fix is applied.

Compliance Impact

The vulnerability allows authenticated attackers to disclose arbitrary files, including sensitive system files such as /etc/passwd, by exploiting directory traversal in the VideoFlow Digital Video Protection (DVP) 2.10 software. This unauthorized disclosure of sensitive information can compromise confidentiality.

Such unauthorized access and disclosure of sensitive data could potentially lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive and personal data from unauthorized access and breaches.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25311. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart