CVE-2018-25178 HIGH

CVE-2018-25178: Easyndexer 1.0 Arbitrary File Download via showtif.php

Vendor Sourceforge

Product Easyndexer

Weakness CWE-22 · Path traversal

Published March 6, 2026

Last update March 9, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.

Key dates

Disclosure timeline

March 6, 2026 CVE published

March 9, 2026 Record updated