ByteOS Network

NVD Vulnerability Details :

CVE-2018-25184

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-06 Mar, 2026 | 13:16

Updated At-09 Mar, 2026 | 13:35

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.9	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 6.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	disclosure@vulncheck.com

CWE ID: CWE-22

Type: Primary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://www.exploit-db.com/exploits/45826	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/surreal-todo-local-file-inclusion-via-indexphp	disclosure@vulncheck.com	N/A

Hyperlink: https://www.exploit-db.com/exploits/45826

Source: disclosure@vulncheck.com

Resource: N/A

Hyperlink: https://www.vulncheck.com/advisories/surreal-todo-local-file-inclusion-via-indexphp

Source: disclosure@vulncheck.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History