Surreal ToDo 0.6.1.2 allows unauthorized access to sensitive system files
CVE-2018-25184
Summary
An unauthenticated attacker can read sensitive files on the system by supplying directory traversal sequences in the content parameter of index.php. This could expose confidential information. Upgrade to a fixed version of Surreal ToDo to prevent unauthorized access.
Original description
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.
NVD CVSS 3.1: 6.2
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-22 (Path Traversal)
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
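A defender's check for the behaviour described above, as an added example that is not part of the original advisory or of Surreal ToDo: it scans web access logs for requests to index.php whose content parameter carries traversal sequences, including percent-encoded and double-encoded forms. It assumes the parameter arrives in the query string and the log is in combined format; the log lines, paths and file names below are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Mar/2026:10:00:01 +0000] "GET /todo/index.php?content=tasks HTTP/1.1" 200 5120
203.0.113.9 - - [06/Mar/2026:10:00:07 +0000] "GET /todo/index.php?content=../config.php HTTP/1.1" 200 840
203.0.113.9 - - [06/Mar/2026:10:00:09 +0000] "GET /todo/index.php?content=%252e%252e%252fconfig.php HTTP/1.1" 200 840
203.0.113.7 - - [06/Mar/2026:10:00:12 +0000] "GET /todo/style.css?content=../x HTTP/1.1" 200 300
203.0.113.8 - - [06/Mar/2026:10:00:15 +0000] "GET /todo/index.php?content=..%5Cinc%5Csetup.ini HTTP/1.1" 404 0
"""

# client address, request target, response status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value climbs out of its directory or is an absolute path."""
    value = fully_decode(value).replace("\\", "/")
    return (value.startswith("/")
            or re.match(r"^[A-Za-z]:", value) is not None
            or ".." in value.split("/")
            or "\x00" in value)

def find_suspicious(log_text):
    """Return (client, status, decoded value) for each flagged index.php request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue  # only the script named in the advisory
        for value in parse_qs(url.query, keep_blank_values=True).get("content", []):
            if is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits
```

A flagged request with a 200 status is the case to triage first, since it suggests the file was actually returned.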