CVE-2018-25408NVD

Vulnerability Summary

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to access files outside the intended directory, including configuration files and system files.

Severity Level

HIGH(7.5)

Published Date

May 30, 2026

Last Modified

Jun 1, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://www.exploit-db.com/exploits/45655
http://openises.sourceforge.net/
https://sourceforge.net/projects/openises/files/latest/download
https://www.vulncheck.com/advisories/the-open-ises-project-3-30a-path-traversal-arbitrary-file-download