Описание
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.
EPSS
Процентиль: 68%
0.00584
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
около 2 месяцев назад
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.
EPSS
Процентиль: 68%
0.00584
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22