CVE-2018-8727
published 2018-06-19


Priority: P262 · high · 7.5 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 7.80% (93.9th percentile)

Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver.

Affected

1 range

| Vendor  | Product          | Version range | Fixed in |
|---------|------------------|---------------|----------|
| mirasys | dvms_workstation | <= 5.12.6     |          |

Detection & IOCs (extracted from sources)

Path: /.../.../.../.../.../.../.../.../.../windows/win.ini
  • HTTP GET request to the path traversal payload targeting win.ini; match response body for all three strings: 'bit app support', 'fonts', and 'extensions' (AND condition) to confirm successful LFI exploitation.
  • The traversal uses '...' (three dots) path segments in place of the standard '../' sequence, so detection rules that look only for '../' will miss it; rules should account for this non-standard traversal pattern in HTTP request URIs.
  • Unauthenticated (PR:N, UI:N) HTTP GET request via the Mirasys DVMS Web Client webserver; no authentication required to exploit the path traversal.
  • Affected versions are Mirasys DVMS Workstation 5.12.6 and earlier; upgrade to 5.12.7 or later to mitigate.
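
A log-side check for the three-dot pattern noted above, as an added example that is not part of the original page or of any vendor rule. It assumes access logs in Common Log Format; the sample lines, function names and verdict labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jun/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [19/Jun/2018:10:00:02 +0000] "GET /.../.../.../windows/win.ini HTTP/1.1" 200 92',
    '192.0.2.12 - - [19/Jun/2018:10:00:03 +0000] "GET /%2e%2e%2e/%2e%2e%2e/windows/win.ini HTTP/1.1" 200 92',
    '192.0.2.13 - - [19/Jun/2018:10:00:04 +0000] "GET /docs/v1...beta/readme.txt HTTP/1.1" 200 1024',
    '192.0.2.14 - - [19/Jun/2018:10:00:05 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')
DOT_SEGMENT_RE = re.compile(r'^\.{2,}$')  # whole segment is "..", "...", "....", ...


def decode_uri(uri, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded dots are seen."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def classify_uri(uri):
    """Return 'multi-dot', 'dot-dot' or None for a request URI."""
    path = decode_uri(uri).split('?', 1)[0]
    segments = [s for s in re.split(r'[/\\]', path) if DOT_SEGMENT_RE.match(s)]
    if any(len(s) >= 3 for s in segments):
        return 'multi-dot'   # the non-standard '...' pattern this entry describes
    if segments:
        return 'dot-dot'     # classic '../' traversal
    return None


def scan(lines):
    """Return (source_ip, raw_uri, verdict) for every log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        verdict = classify_uri(m.group(1))
        if verdict:
            hits.append((line.split()[0], m.group(1), verdict))
    return hits
```

Matching on whole path segments keeps a file name such as `v1...beta` from raising a false positive, and decoding before matching catches percent-encoded dots.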

CVSS provenance

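| Source | Version | Score | Severity | Vector |
|--------|---------|-------|----------|--------|
| nvd    | v3.0    | 7.5   | HIGH     | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd    | v2.0    | 5.0   | MEDIUM   | AV:N/AC:L/Au:N/C:P/I:N/A:N |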