CVE-2018-25184
MEDIUM 6.2
Description
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.
CVE Details
CVSS v3.1 Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 3/6/2026
Last Modified: 3/9/2026
Source: nvd
Honeypot Sightings: 0
Weaknesses (CWE)
CWE-22
References
https://www.exploit-db.com/exploits/45826 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/surreal-todo-local-file-inclusion-via-indexphp (disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.