Ghostwire

CVE-2018-25311: VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows...

HIGH CVSS 7.5

Published: April 29, 2026 | Last Modified: April 29, 2026

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2018-25311: VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows...

Description

Ghostwire Analysis — What This Means Practically

Security Coverage (2 articles)

References