Medium severity6.5NVD Advisory· Published Apr 29, 2026· Updated May 26, 2026
CVE-2018-25311
CVE-2018-25311
Description
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 2.10
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.