HIGH
Openstamanager
CVE published 2026-05-30
CVE-2018-25421
CVE-2018-25421 documents a path traversal vulnerability in Open STA Manager 2.3 that permits authenticated attackers to download arbitrary files from the underlying server. The flaw resides in modules/backup/actions.php, where the op=getfile action accepts a file parameter without adequate sanitization of directory traversal sequences (../). An attacker with valid credentials can manipulate this parameter [truncated]