CVE-2018-25421

Open STA Manager 2.3 is affected by a path traversal vulnerability that lets authenticated users download arbitrary files by calling modules/backup/actions.php?op=getfile and traversing with ../ sequences to access sensitive system files. Affected component is the Open STA Manager implementation;...

CVE-2018-25421 Open STA Manager 2.3 Arbitrary File Download via Path Traversal

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

PT-2026-45121

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

Directory traversal

Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. dot dot in the f parameter...