PatchSiren

VideoFlow Ltd. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH VideoFlow Ltd. CVE published 2026-04-29

CVE-2018-25311

CVE-2018-25311 documents an authenticated directory traversal vulnerability in VideoFlow Digital Video Protection (DVP) version 2.10. The flaw exists in multiple Perl-based download endpoints (downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, and downloadFile.pl), which do not sanitize path traversal sequences in the ID parameter. Attackers with valid credentials can inject sequences such as ../ t [truncated]