CVE-2018-25178

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.

Vulnerability Details

Published Date

March 06, 2026

Last Modified

March 09, 2026

CWE ID

CWE-22

Source

NVD

Vendor

Sourceforge

Product

Easyndexer

External References

https://www.exploit-db.com/exploits/45835
https://www.vulncheck.com/advisories/easyndexer-arbitrary-file-download-via-showtifphp

CVE-2018-25178

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment