CVE-2018-25408
Status: Deferred - Pending Action
Path Traversal in Open ISES Project via ajax/download.php

Publication date: 2026-05-30

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences (../) in the filename parameter to access files outside the intended download directory, including configuration files and system files.
Meta Information
  • Generated: 2026-06-19
  • AI Q&A: 2026-05-30
  • EPSS evaluated: 2026-06-18
  • References: NVD, EUVD
Affected Vendors & Products
Showing 2 associated CPEs (the two entries differ only in the case of the version string)

Vendor               Product              Version / Range
open_ises_project    open_ises_project    3.30A
open_ises_project    open_ises_project    3.30a
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Compliance Impact

This vulnerability allows unauthenticated attackers to download arbitrary files, including sensitive configuration and system files, from the server. Such unauthorized access to sensitive data can lead to data breaches.

Data breaches involving unauthorized access to sensitive information can result in non-compliance with common standards and regulations such as GDPR and HIPAA, which mandate the protection of personal and sensitive data.

Therefore, exploitation of this vulnerability could compromise the confidentiality of protected data, potentially leading to regulatory penalties and legal consequences.

Executive Summary

The Open ISES Project version 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint.

This vulnerability allows unauthenticated attackers to download arbitrary files from the server by manipulating the filename parameter with directory traversal sequences such as ../.

By exploiting this flaw, attackers can access files outside the intended directory, including sensitive configuration and system files.

Impact Analysis

This vulnerability can have a significant impact as it allows remote, unauthenticated attackers to download sensitive files from the server.

Access to configuration files and system files can lead to information disclosure, which may facilitate further attacks or compromise of the system.

Because the exploit does not require authentication, any exposed instance of the application is at risk.

Detection Guidance

This vulnerability can be detected by sending crafted HTTP GET requests to the ajax/download.php endpoint with directory traversal sequences in the filename parameter. Use curl or a similar tool to test for arbitrary file download, for example:

  • curl "http://target-server/ajax/download.php?filename=../config.php"
  • curl "http://target-server/ajax/download.php?filename=../../../../../Windows/win.ini"

If the server responds with the contents of these files (a PHP opening tag for config.php, or INI section headers such as [fonts] for win.ini on a Windows host), the vulnerability is present. The number of ../ segments required depends on where download.php reads from and where the web root sits, so try increasing depths, and repeat the probe with URL-encoded sequences (%2e%2e%2f) in case the raw form is filtered but the decoded form is not.
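
The probes above are active tests. For retrospective detection the same indicators can be searched for in web-server access logs. The scanner below is an added example, not code from this advisory or from the Open ISES Project: it flags requests to ajax/download.php whose filename parameter, after percent-decoding, contains a '..' path segment. It goes slightly beyond the raw ../ case by also catching single- and double-encoded sequences and backslash separators. The log lines are constructed samples in Apache combined format; the endpoint path and parameter name are the ones named in the description, and the install prefix handling is an assumption.

```python
"""Scan web-server access logs for CVE-2018-25408 exploitation attempts.

Added example; not code from this advisory or from the Open ISES Project.
Assumptions: logs are in Apache/nginx combined format, the application is
served at /ajax/download.php (possibly under an install prefix), and the
vulnerable parameter is `filename`. Sample log lines below are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/ajax/download.php"
TARGET_PARAM = "filename"

# The quoted request line of a combined-format entry: "GET /path?q HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A '..' that forms a whole path segment (start or '/' on the left, '/' or end
# on the right). Matches '../x' but not a file literally named '..config.php'.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def full_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, bounded to `rounds`, so
    %2e%2e%2f and the double-encoded %252e%252e%252f both become '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(filename: str) -> bool:
    """True if the decoded filename contains a '..' segment. Backslashes are
    folded to '/' first because PHP on Windows accepts both separators."""
    decoded = full_decode(filename).replace("\\", "/")
    return TRAVERSAL_RE.search(decoded) is not None


def extract_filename(target: str):
    """Return the `filename` parameter when the request target is the
    vulnerable endpoint (possibly under an install prefix), else None."""
    parts = urlsplit(target)
    if not parts.path.endswith(TARGET_PATH):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(TARGET_PARAM)
    return values[0] if values else None


def scan_log(lines):
    """Return (line_number, client_ip, decoded_filename) for every entry that
    requests ajax/download.php with a traversal sequence in `filename`."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        filename = extract_filename(match.group("target"))
        if filename is None or not is_traversal(filename):
            continue
        client_ip = line.split(" ", 1)[0]
        hits.append((lineno, client_ip, full_decode(filename)))
    return hits


# Constructed sample entries (not real traffic). Entry 5 carries a traversal
# against a different script and is deliberately not reported: this scanner
# is scoped to the endpoint named in the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/May/2026:10:00:01 +0000] "GET /ajax/download.php?filename=report.pdf HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [30/May/2026:10:00:02 +0000] "GET /ajax/download.php?filename=../config.php HTTP/1.1" 200 812 "-" "curl/8.0"',
    '198.51.100.7 - - [30/May/2026:10:00:03 +0000] "GET /ajax/download.php?filename=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1502 "-" "python-requests/2.31"',
    '198.51.100.7 - - [30/May/2026:10:00:04 +0000] "GET /ajax/download.php?filename=%252e%252e%252fconfig.php HTTP/1.1" 200 812 "-" "python-requests/2.31"',
    '192.0.2.9 - - [30/May/2026:10:00:05 +0000] "GET /index.php?page=../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [30/May/2026:10:00:06 +0000] "GET /ajax/download.php?filename=..\\..\\Windows\\win.ini HTTP/1.1" 200 92 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for lineno, client_ip, name in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {client_ip} requested {name!r}")
```

A 200 status on a flagged line is the strongest signal, since a patched or non-vulnerable instance would typically answer 403 or 404; pair the decoded filename with the response size to judge whether a real file was served.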

Mitigation Strategies

To mitigate the path traversal vulnerability in Open ISES Project 3.30A, immediate steps include restricting access to the vulnerable ajax/download.php endpoint to trusted users or internal networks only.

Additionally, implement input validation on the filename parameter: resolve the requested name against the intended download directory (for example with realpath()) and refuse the request unless the resolved path remains inside that directory, or accept only a bare filename with no directory component. Merely stripping '../' is not sufficient, because the sequence can be URL-encoded (%2e%2e%2f), written with backslashes on Windows, or reconstructed after a single removal ('....//').

If possible, apply any available patches or updates from the vendor that address this vulnerability.

As a temporary measure, consider disabling the download functionality if it is not essential.
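
The containment check described above, as an added example that is not code from the Open ISES Project (whose download.php is not shown in this advisory). It is written in Python for illustration; the same steps in PHP would be urldecode(), realpath() and a directory-prefix comparison. The download directory /srv/downloads and the probe names are assumptions. The naive_strip function shows the weak fix the text warns against, side by side with the hardened resolver.

```python
"""Containment check for a file-download parameter (added example; not code
from the Open ISES Project). Paths such as /srv/downloads are assumptions.
In PHP the equivalent would be urldecode(), realpath() and a prefix check."""
import os
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested filename would leave the download directory."""


def naive_strip(filename: str) -> str:
    """The weak fix: delete the literal '../' once. '....//config.php'
    collapses to '../config.php', and an encoded '%2e%2e/' is untouched,
    so this check is bypassable and is shown only for contrast."""
    return filename.replace("../", "")


def resolve_download(base_dir: str, filename: str) -> str:
    """Return the absolute path of `filename` under `base_dir`, or raise
    TraversalError. Subdirectories are allowed; escaping base_dir is not."""
    base = os.path.realpath(base_dir)
    # PHP already decodes $_GET once; decoding twice more here is defence in
    # depth so a double-encoded %252e%252e%252f cannot reach the path logic
    # still looking harmless.
    decoded = unquote(unquote(filename))
    # NUL would truncate the path in C-level file APIs; backslashes are path
    # separators on Windows, which is where the win.ini probe succeeds.
    if "\0" in decoded or "\\" in decoded:
        raise TraversalError(f"forbidden character in {filename!r}")
    # realpath normalises '..' segments and resolves any symlink that exists
    # inside base_dir, so a link pointing out of the tree is also rejected.
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath rather than str.startswith: '/srv/downloads_private' starts
    # with '/srv/downloads' but is a different directory. An absolute
    # `decoded` replaces `base` inside os.path.join and is rejected here too.
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"{filename!r} resolves outside {base}")
    return candidate


def is_contained(base_dir: str, filename: str) -> bool:
    """Boolean form of resolve_download for table-style checks."""
    try:
        resolve_download(base_dir, filename)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed probe names, including the two from the detection guidance.
    probes = [
        "report.pdf",
        "2026/report.pdf",
        "../config.php",
        "%2e%2e%2fconfig.php",
        "%252e%252e%252fconfig.php",
        "../../../../../Windows/win.ini",
        "..\\..\\Windows\\win.ini",
        "/etc/passwd",
        "2026/../../config.php",
        "....//config.php",
    ]
    for p in probes:
        print(f"{p!r:36} naive_strip={naive_strip(p)!r:24} "
              f"contained={is_contained('/srv/downloads', p)}")
```

Note that '....//config.php' is accepted by the hardened resolver: after normalisation it is an ordinary file named '....' one level below the download directory, which is exactly why the decision must be made on the resolved path rather than on the presence or absence of a substring.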
