{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/open-ises-project-3.30a/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2018-25408"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open ISES Project 3.30A"],"_cs_severities":["high"],"_cs_tags":["path-traversal","vulnerability","web-application"],"_cs_type":"threat","_cs_vendors":["Open ISES Project"],"content_html":"\u003cp\u003eOpen ISES Project version 3.30A is susceptible to a path traversal vulnerability, designated as CVE-2018-25408. This flaw resides in the ajax/download.php endpoint and allows unauthenticated remote attackers to retrieve arbitrary files from the server. By crafting malicious requests containing directory traversal sequences, such as \u0026ldquo;../\u0026rdquo;, within the filename parameter, an attacker can bypass intended access restrictions and potentially gain access to sensitive information like configuration files and system files. This vulnerability enables attackers to read local files without authentication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies the vulnerable ajax/download.php endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP GET or POST request to the ajax/download.php endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a path traversal sequence (e.g., \u0026ldquo;../../../\u0026rdquo;) into the filename parameter of the request.\u003c/li\u003e\n\u003cli\u003eThe server processes the request without proper validation of the filename parameter.\u003c/li\u003e\n\u003cli\u003eThe server attempts to read the file specified by the manipulated filename parameter, traversing directories outside the intended scope.\u003c/li\u003e\n\u003cli\u003eIf successful, the contents of the targeted file (e.g., a configuration file) are returned in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the response to extract the contents of the file.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the leaked information (e.g. credentials, internal IP addresses) to further compromise the system or network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability (CVE-2018-25408) allows unauthorized access to sensitive files on the Open ISES Project server. This could lead to the disclosure of confidential information, such as database credentials, API keys, or internal system configurations. The impact could range from information leakage to a complete compromise of the affected system, depending on the sensitivity of the exposed files.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or updates from Open ISES Project to address CVE-2018-25408 and remediate the path traversal vulnerability in the ajax/download.php endpoint.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Path Traversal in Open ISES Project\u003c/code\u003e to identify exploitation attempts against the ajax/download.php endpoint by monitoring for directory traversal sequences in the filename parameter.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization on the filename parameter within the ajax/download.php endpoint to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eReview and restrict file access permissions on the server to limit the impact of successful path traversal exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:18:41Z","date_published":"2026-05-30T16:18:41Z","id":"https://feed.craftedsignal.io/briefs/2026-05-open-ises-path-traversal/","summary":"Open ISES Project 3.30A is vulnerable to path traversal (CVE-2018-25408), allowing unauthenticated attackers to download arbitrary files by manipulating the filename parameter in the ajax/download.php endpoint, potentially exposing configuration and system files.","title":"Open ISES Project 3.30A Unauthenticated Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-open-ises-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Open ISES Project 3.30A","version":"https://jsonfeed.org/version/1.1"}