CVE-2018-25178

High CVSS: 8.7

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.

Vendor

Rul10

Product

Easyndexer

CWE

CWE-22

Yayın Tarihi

2026-03-06 13:15:59

Güncelleme

2026-03-16 19:13:54

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-22 Easyndexer HIGH Rul10 2026

Referanslar

https://www.exploit-db.com/exploits/45835 https://www.vulncheck.com/advisories/easyndexer-arbitrary-file-download-via-showtifphp