โ† Back to Dashboard

CVE-2018-25408

HIGH NVD
CVSS Score
7.5
Severity
HIGH
Source
NVD
Published
May 30, 2026
Description

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to access files outside the intended directory, including configuration files and system files.

View Full Details โ† Back