CVE-2018-25164

EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/45868
https://www.vulncheck.com/advisories/eversync-arbitrary-file-download-via-files-directory

Configurations

No configuration.

History

15 Apr 2026, 14:53

Type	Values Removed	Values Added
Summary		(es) EverSync 0.5 contiene una vulnerabilidad de descarga arbitraria de archivos que permite a atacantes no autenticados acceder a archivos sensibles solicitándolos directamente del directorio 'files'. Los atacantes pueden enviar solicitudes GET al directorio 'files' para descargar archivos de base de datos como db.sq3 que contienen datos de la aplicación y credenciales.

06 Mar 2026, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-06 13:15

Updated : 2026-04-15 14:53

NVD link : CVE-2018-25164

Mitre link : CVE-2018-25164

CVE.ORG link : CVE-2018-25164

JSON object : View

Products Affected

No product.

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2018-25164", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-06T13:15:57.057", "references": [{"url": "https://www.exploit-db.com/exploits/45868", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/eversync-arbitrary-file-download-via-files-directory", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials."}, {"lang": "es", "value": "EverSync 0.5 contiene una vulnerabilidad de descarga arbitraria de archivos que permite a atacantes no autenticados acceder a archivos sensibles solicit\u00e1ndolos directamente del directorio 'files'. Los atacantes pueden enviar solicitudes GET al directorio 'files' para descargar archivos de base de datos como db.sq3 que contienen datos de la aplicaci\u00f3n y credenciales."}], "lastModified": "2026-04-15T14:53:58.147", "sourceIdentifier": "disclosure@vulncheck.com"}