CVE-2018-25408
Path Traversal in Open ISES Project via ajax/download.php
Publication date: 2026-05-30
Last updated on: 2026-05-30
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open_ises_project | open_ises_project | 3.30A |
| open_ises_project | open_ises_project | 3.30a |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated attackers to download arbitrary files, including sensitive configuration and system files, from the server. Such unauthorized access to sensitive data can lead to data breaches.
Data breaches involving unauthorized access to sensitive information can result in non-compliance with common standards and regulations such as GDPR and HIPAA, which mandate the protection of personal and sensitive data.
Therefore, exploitation of this vulnerability could compromise the confidentiality of protected data, potentially leading to regulatory penalties and legal consequences.
Can you explain this vulnerability to me?
The Open ISES Project version 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint.
This vulnerability allows unauthenticated attackers to download arbitrary files from the server by manipulating the filename parameter with directory traversal sequences such as ../.
By exploiting this flaw, attackers can access files outside the intended directory, including sensitive configuration and system files.
How can this vulnerability impact me?
This vulnerability can have a significant impact as it allows remote, unauthenticated attackers to download sensitive files from the server.
Access to configuration files and system files can lead to information disclosure, which may facilitate further attacks or compromise of the system.
Because the exploit does not require authentication, any exposed instance of the application is at risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP GET requests to the ajax/download.php endpoint with directory traversal sequences in the filename parameter.
Use curl or similar tools to test for arbitrary file download, for example:
- curl "http://target-server/ajax/download.php?filename=../config.php"
- curl "http://target-server/ajax/download.php?filename=../../../../../Windows/win.ini"
If the server responds with the contents of these files, it indicates the presence of the vulnerability.
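Web server access logs can also show whether such requests have already reached the endpoint. The following is an added example, not code from this page or from the Open ISES Project: it scans log lines for requests to ajax/download.php whose filename parameter contains traversal sequences, including percent-encoded and double-encoded forms. The combined access log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request portion of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
ENDPOINT = "ajax/download.php"

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %252e%252e%252f is recognised as ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename):
    """True if the value has a '..' path segment or is an absolute path."""
    name = fully_decode(filename).replace("\\", "/")
    segments = name.split("/")
    return ".." in segments or name.startswith("/") or re.match(r"^[A-Za-z]:", name) is not None

def scan(lines):
    """Return (client, status, decoded filename) for suspicious endpoint requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(ENDPOINT):
            continue
        # parse_qs already decodes one layer; fully_decode handles the rest.
        for value in parse_qs(url.query, keep_blank_values=True).get("filename", []):
            if is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/May/2026:10:00:01 +0000] "GET /ajax/download.php?filename=report.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [30/May/2026:10:00:05 +0000] "GET /ajax/download.php?filename=../config.php HTTP/1.1" 200 812 "-" "curl/8.0"',
    '203.0.113.9 - - [30/May/2026:10:00:09 +0000] "GET /ajax/download.php?filename=%252e%252e%252f%252e%252e%252fWindows%252fwin.ini HTTP/1.1" 404 0 "-" "curl/8.0"',
    '198.51.100.7 - - [30/May/2026:10:00:12 +0000] "GET /index.php?filename=../x HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, status, name in scan(SAMPLE_LOG):
        print(f"{client} status={status} filename={name}")
```

A hit with status 200 and a non-zero response size deserves the closest review, since it suggests the file contents were returned.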
What immediate steps should I take to mitigate this vulnerability?
To mitigate the path traversal vulnerability in Open ISES Project 3.30A, immediate steps include restricting access to the vulnerable ajax/download.php endpoint to trusted users or internal networks only.
Additionally, implement input validation or sanitization on the filename parameter to prevent directory traversal sequences such as '../' from being processed.
If possible, apply any available patches or updates from the vendor that address this vulnerability.
As a temporary measure, consider disabling the download functionality if it is not essential.