VYPR
Medium severity6.2NVD Advisory· Published Mar 6, 2026· Updated Apr 15, 2026

CVE-2018-25184

CVE-2018-25184

Description

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2018-25184 · Medium · VYPR