Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Easyndexer 1.0 allows unauthorized access to sensitive system files
CVE-2018-25178
Summary
Easyndexer 1.0, a software tool, has a security flaw that lets anyone download sensitive system files without needing a password. This can happen if an attacker sends a special request to the showtif.php page, tricking it into handing over confidential information. To stay secure, update to a fixed version of Easyndexer or consider replacing it with a more secure alternative.
Original title
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST reques...
Original description
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-22
Path Traversal
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026