High severity7.5NVD Advisory· Published May 30, 2026· Updated Jun 1, 2026
CVE-2018-25408
CVE-2018-25408
Description
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to access files outside the intended directory, including configuration files and system files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =3.30A
Patches
Vulnerability mechanics
References
4News mentions
1- Open ISES Tickets: Eight Unauthenticated High-Severity Bugs Disclosed in a Single BatchVypr Intelligence · May 30, 2026