CVE-2018-25421
Open STA Manager 2.3 Arbitrary File Download via Path Traversal
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensitive system files.
| CWE | CWE-22 |
| Vendor | openstamanager |
| Product | open sta manager |
| Published | May 30, 2026 |
| Last Updated | Jun 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for openstamanager open sta manager
Be the first to know when new medium vulnerabilities affecting openstamanager open sta manager are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Openstamanager / Open STA Manager
2.3
References
exploit-db.com: https://www.exploit-db.com/exploits/45693 openstamanager.com: http://www.openstamanager.com/ sourceforge.net: https://sourceforge.net/projects/openstamanager/files/latest/download vulncheck.com: https://www.vulncheck.com/advisories/open-sta-manager-arbitrary-file-download-via-path-traversal
Credits
Ihsan Sencan