CVE-2018-16961
Description
A path traversal vulnerability in Open XDMoD through 7.5.0 allows remote attackers to read arbitrary PDF files via the file parameter in dl_publication.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in html/gui/general/dl_publication.php and allows path traversal via the file parameter. Although PHP's null byte injection handling prevents reading files without a .PDF extension, attackers can still traverse directories to read any file ending in .PDF. This affects Open XDMoD versions through 7.5.0, and was fixed in version 8.0 [1].
Exploitation
An attacker with network access to the Open XDMoD web interface can send a crafted HTTP request to dl_publication.php with a file parameter containing directory traversal sequences (e.g., ../../../etc/passwd.pdf) to read PDF files from arbitrary directories. No authentication is required [1].
Impact
Successful exploitation allows the attacker to read any PDF file on the server that the web server process has access to, leading to information disclosure of sensitive documents [1].
Mitigation
Upgrade to Open XDMoD version 8.0 or later, which addresses the vulnerability. No known workarounds exist for earlier versions [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Open XDMoD / Open XDMoD
  - Range: <=7.5.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The file parameter in dl_publication.php is not properly sanitized, allowing directory traversal."
Attack vector
An attacker can exploit this vulnerability by crafting a malicious request to `html/gui/general/dl_publication.php`. By manipulating the `file` parameter, an attacker can traverse directories and read arbitrary PDF files on the server. The advisory notes that while NULL byte injection is mitigated in recent PHP versions, it is still possible to request files ending in ".PDF" [1].
Affected code
The vulnerability exists in the file `html/gui/general/dl_publication.php` within the Open XDMoD application [1]. This script handles file downloads and is susceptible to directory traversal due to insufficient sanitization of the `file` parameter.
What the fix does
The advisory states that the vulnerability will be addressed in the upcoming 8.0 release of Open XDMoD. No specific patch details or code changes are provided in the bundle. Therefore, the exact fix cannot be described, but the remediation guidance is to update to version 8.0 or later.
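As an added example (not Open XDMoD's code and not the 8.0 fix, whose details the bundle does not contain), the following PHP handler shows how a download script can refuse traversal in a `file` parameter without relying on the runtime's null-byte handling; the publication directory path and the helper name are assumptions.

```php
<?php
// Added example, not Open XDMoD's code: a hardened download handler for the
// pattern described above. PUBLICATION_DIR and the helper name are assumed.
declare(strict_types=1);

const PUBLICATION_DIR = '/var/www/xdmod/publications'; // assumed location

/**
 * Resolve a user-supplied file name to a path inside PUBLICATION_DIR.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolvePublicationPath(string $requested): ?string
{
    // Reject embedded NUL bytes explicitly instead of depending on how the
    // runtime truncates them (the behaviour the advisory mentions).
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Allow only a plain file name: no slashes, so no directory component.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $requested)) {
        return null;
    }
    // Case-insensitive extension allowlist (".PDF" and ".pdf" both pass).
    if (strtolower(substr($requested, -4)) !== '.pdf') {
        return null;
    }
    $base = realpath(PUBLICATION_DIR);
    $path = realpath(PUBLICATION_DIR . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check on the canonical path: symlinks and any remaining
    // traversal are resolved by realpath() before the comparison.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolvePublicationPath($requested) : null;
if ($path === null) {
    http_response_code(404); // do not reveal whether the file exists elsewhere
    exit;
}
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

The extension check alone is not the defence: the file-name allowlist and the `realpath()` containment are what keep the request inside the publication directory.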
Preconditions
- network: The vulnerable Open XDMoD application must be accessible over the network.
- input: The attacker must be able to send a crafted request with a manipulated 'file' parameter.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. github.com/grymer/CVE/blob/master/CVE-2018-16961.md (MISC)
News mentions
No linked articles in our index yet.