CVE-2018-25178
Received Received - Intake
Arbitrary File Download in Easyndexer 1.0 Allows Sensitive Data Exposure

Publication date: 2026-03-06

Last updated on: 2026-03-16

Assigner: VulnCheck

Description
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-16
Generated
2026-05-07
AI Q&A
2026-03-06
EPSS Evaluated
2026-05-05
NVD
CVE-2018-25178
EUVD
EUVD-2018-21633
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rul10 easyndexer 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'This vulnerability exists in Easyndexer version 1.0, a PHP-based web application. It allows an unauthenticated attacker to download arbitrary files from the server by manipulating the "file" parameter in the showtif.php script.'}, {'type': 'paragraph', 'content': 'By sending a specially crafted POST request with a file path in the "file" parameter, the attacker can retrieve sensitive system files such as configuration or initialization files. This happens because the application does not properly validate or sanitize the input for the "file" parameter, enabling arbitrary file read and download.'}] [1]


How can this vulnerability impact me? :

This vulnerability can have serious impacts because it allows attackers to access sensitive files on the server without authentication.

  • Attackers can download configuration files that may contain credentials or other sensitive information.
  • Exposure of initialization files or other system files can lead to further exploitation or system compromise.
  • Since the vulnerability requires no authentication and has a high impact on confidentiality, it poses a significant security risk.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to access the vulnerable script showtif.php with manipulated file parameters to see if arbitrary files can be downloaded.'}, {'type': 'paragraph', 'content': 'A typical detection command involves sending a HTTP GET or POST request to the showtif.php script with the file parameter set to a known system file path.'}, {'type': 'list_item', 'content': 'Example curl command to test the vulnerability: curl -X POST "http://[target]/src/showtif.php?file=C:/Windows/win.ini&name=Efe" -v'}, {'type': 'list_item', 'content': 'If the server responds with a 200 OK status and returns the contents of the specified file with headers indicating a forced download (e.g., Content-Disposition: attachment; filename=Efe.ini), the vulnerability is present.'}] [1]


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart