Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
EverSync 0.5 Allows Unauthenticated Access to Sensitive Files
CVE-2018-25164
Summary
An attacker can access sensitive files on your system without a password. This is a serious issue because it means an unauthorized person can see important data and credentials. You should update to a fixed version of EverSync as soon as possible to protect your data.
Original title
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can se...
Original description
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-552
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026