EverSync Arbitrary File Download Vulnerability
Vulnerability
An arbitrary file download vulnerability has been identified in EverSync version 0.5. This vulnerability allows unauthenticated attackers to access sensitive files by directly requesting them from the application's files directory. Exploitation involves sending GET requests to download database files, such as 'db.sq3', which may contain application data and credentials.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive application data and credentials stored in the database file.
Reproduction
To reproduce this vulnerability, send a GET request to the files directory of the EverSync application, requesting the 'db.sq3' file. If the server response contains the requested database file, exploitation was successful.
