CVE-2018-25178

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/45835	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/easyndexer-arbitrary-file-download-via-showtifphp	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:rul10:easyndexer:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-06 13:15

Updated : 2026-03-16 19:13

NVD link : CVE-2018-25178

Mitre link : CVE-2018-25178

CVE.ORG link : CVE-2018-25178

JSON object : View

Products Affected

rul10

easyndexer

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2018-25178", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-06T13:15:59.863", "references": [{"url": "https://www.exploit-db.com/exploits/45835", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/easyndexer-arbitrary-file-download-via-showtifphp", "tags": ["Broken Link"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files."}, {"lang": "es", "value": "Easyndexer 1.0 contiene una vulnerabilidad de descarga arbitraria de archivos que permite a atacantes no autenticados descargar archivos sensibles manipulando el par\u00e1metro file. Los atacantes pueden enviar solicitudes POST a showtif.PHP con rutas de archivo arbitrarias en el par\u00e1metro file para recuperar archivos del sistema como archivos de configuraci\u00f3n e inicializaci\u00f3n."}], "lastModified": "2026-03-16T19:13:54.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rul10:easyndexer:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98218D5D-6534-40C1-9676-906D16EFA6FB"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}