Description
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensitive system files.
Published: 2026-05-30
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open STA Manager 2.3 contains a path traversal flaw that allows an authenticated user to download arbitrary files by manipulating the 'file' parameter in the backup module. By sending a crafted GET request to modules/backup/actions.php with op=getfile and a sequence of '../', the attacker can read files located outside the intended directory, potentially exposing sensitive configuration, credentials, or system files. The flaw is a CWE-22 path traversal vulnerability that directly undermines data confidentiality on the server.

Affected Systems

The affected product is Open STA Manager, specifically version 2.3. No other versions are listed in the CNA data, so the risk applies to installations running the 2.3 release.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity. Based on the description, the vulnerability requires authentication; therefore the attack vector is inferred to be local to the web application layer. The EPSS score is not available, so the exploitation probability remains uncertain, and the vulnerability is not listed in the CISA KEV catalog. A public exploit is referenced on exploit-db, suggesting that the flaw can be practically abused. The overall risk to systems running Open STA Manager 2.3 is moderate to high, with a strong potential for confidential data exposure.

Generated by OpenCVE AI on May 30, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Open STA Manager vendor website for an updated version that addresses this path traversal issue and apply the patch as soon as it is available.
  • If a patch cannot be applied immediately, restrict or remove the backup module by disabling it or limiting access to users who do not need it.
  • Implement input validation or enforce a whitelist for the 'file' parameter, ensuring that directory traversal sequences are rejected or sanitized before being processed by the application.
  • Configure the web server or application firewall to block requests containing '../' sequences in the URL path as an additional protective measure.

Generated by OpenCVE AI on May 30, 2026 at 17:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Openstamanager
Openstamanager open Sta Manager
Vendors & Products Openstamanager
Openstamanager open Sta Manager

Sat, 30 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensitive system files.
Title Open STA Manager 2.3 Arbitrary File Download via Path Traversal
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openstamanager Open Sta Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-01T15:25:14.597Z

Reserved: 2026-05-30T13:00:19.209Z

Link: CVE-2018-25421

cve-icon Vulnrichment

Updated: 2026-06-01T15:18:32.230Z

cve-icon NVD

Status : Deferred

Published: 2026-05-30T16:17:03.247

Modified: 2026-06-01T16:55:20.100

Link: CVE-2018-25421

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T21:17:33Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')