CVE-2018-25184

MEDIUM
2026-03-06 [email protected]
6.2
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
PoC Detected
Mar 09, 2026 - 13:35 vuln.today
Public exploit code
CVE Published
Mar 06, 2026 - 13:16 nvd
MEDIUM 6.2

Tags

PHP Lfi Path Traversal

Description

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.

Analysis

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. [CVSS 6.2 MEDIUM]

Technical Context

Classified as CWE-22 (Path Traversal). Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.

Affected Products

Component: content.

Remediation

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists.

Priority Score

51
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +31
POC: +20

Share

CVE-2018-25184 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy