PT-2026-23690 · Unknown · Easyndexer
Published 2026-03-06 · Updated 2026-03-16 · CVE-2018-25178
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Easyndexer version 1.0
Description
The software contains a flaw that allows unauthenticated attackers to download sensitive files. This is achieved by manipulating the file parameter within POST requests sent to the showtif.php endpoint. Attackers can specify arbitrary file paths in the file parameter to retrieve system files, including configuration and initialization files.
Recommendations
Apply a fix to the showtif.php endpoint to prevent unauthorized file downloads.
Restrict access to the showtif.php endpoint.
Sanitize the file parameter to prevent the inclusion of arbitrary file paths.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Easyndexer
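One way to implement the recommendation to sanitize the file parameter, shown as an added example that is not Easyndexer's own code or a vendor patch. BASE_DIR, the TIFF-only allow-list and resolve_requested_file() are hypothetical names and assumptions about what a showtif.php-style endpoint is meant to serve.

```php
<?php
// Added example, not Easyndexer's code. BASE_DIR and the TIFF-only
// allow-list are assumptions about what a showtif.php-style endpoint serves.
declare(strict_types=1);

const BASE_DIR = '/var/www/easyndexer/scans'; // assumed root directory for images
const ALLOWED_EXT = ['tif', 'tiff'];          // assumed: endpoint only serves TIFFs

/** Return the canonical path if $param names an allowed file under $baseDir, else null. */
function resolve_requested_file(string $baseDir, $param): ?string
{
    // Reject arrays (file[]=...), empty values and NUL bytes up front.
    if (!is_string($param) || $param === '' || strpos($param, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" sequences and resolves symlinks, so the
    // containment check below runs on the path the OS would actually open.
    $real = realpath($base . DIRECTORY_SEPARATOR . $param);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The trailing separator stops "/scans-old" from passing as "/scans".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $real : null;
}

if (PHP_SAPI !== 'cli') {
    $path = resolve_requested_file(BASE_DIR, $_POST['file'] ?? null);
    if ($path === null) {
        // Same response for "missing" and "outside the root": no path oracle.
        http_response_code(404);
        exit;
    }
    header('Content-Type: image/tiff');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}
```

This covers only the path check; restricting who can reach the endpoint, as the second recommendation asks, still needs an authentication or network-level control in front of it.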