exploitDog

CVE-2018-25184

Опубликовано: 06 мар. 2026

Источник: nvd

CVSS3: 6.2

EPSS Низкий

Описание

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.

Ссылки

EPSS

Процентиль: 19%

0.0006

Низкий

6.2 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-7p22-frc8-w9h8

CVSS3: 6.2

github

2 месяца назад

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.

EPSS

Процентиль: 19%

0.0006

Низкий

6.2 Medium

CVSS3

Дефекты

CWE-22