CVE-2019-25256

Name of the Vulnerable Software and Affected Versions VideoFlow Digital Video Protection DVP version 2.10

Description The software contains a directory traversal issue that allows attackers to access arbitrary system files. This is possible due to unvalidated ID parameters. Attackers can exploit Perl scripts, such as downloadsys.pl, to read sensitive files by manipulating directory path traversal in download requests.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the downloadsys.pl script.