Ilevia EVE X1 Server File Disclosure Vulnerability

Vulnerability

A pre-authentication file disclosure vulnerability has been identified in Ilevia EVE X1 Server versions through 4.7.18.0.eden. This vulnerability allows remote attackers to retrieve arbitrary files from the server by exploiting the 'db_log' POST parameter, potentially exposing sensitive system information and credentials.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive files on the server, including system information and credentials.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'http://<target>:8080/ajax/php/dbcheck.php' with the 'db_log' parameter set to the path of the file to be disclosed, such as '/etc/passwd'.
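For detection, the request shape described above can be searched for in HTTP logs that capture POST bodies. The following is an added example, not part of the original advisory or vendor code. It assumes a JSON-lines proxy/WAF log with the fields src, method, url and body, and it assumes that an absolute path or a traversal sequence in 'db_log' is never legitimate. The sample records are constructed.

```python
import json
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/ajax/php/dbcheck.php"   # path named in the advisory
PARAM = "db_log"                     # parameter named in the advisory

# Constructed sample records (JSON lines) in an assumed proxy/WAF log
# schema: src, method, url, body. Not real traffic.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "method": "POST", "url": "/ajax/php/dbcheck.php", "body": "db_log=%2Fetc%2Fpasswd"}
{"src": "198.51.100.7", "method": "POST", "url": "/ajax/php/dbcheck.php", "body": "db_log=..%2F..%2Fetc%2Fpasswd"}
{"src": "192.0.2.10", "method": "POST", "url": "/ajax/php/dbcheck.php", "body": "action=status"}
{"src": "192.0.2.10", "method": "GET", "url": "/index.php", "body": ""}
not-json garbage line
"""

def suspicious_path(value):
    """Heuristic (assumption): absolute paths or traversal are never expected."""
    v = value.replace("\\", "/")
    return v.startswith("/") or ".." in v.split("/") or "\x00" in v

def detect(log_text):
    """Return a list of (src, db_log value) for requests matching the advisory."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(rec, dict) or str(rec.get("method", "")).upper() != "POST":
            continue
        if urlsplit(str(rec.get("url", ""))).path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs URL-decodes values, so %2Fetc%2Fpasswd becomes /etc/passwd
        params = parse_qs(str(rec.get("body", "")), keep_blank_values=True)
        for value in params.get(PARAM, []):
            if suspicious_path(value):
                hits.append((rec.get("src"), value))
    return hits

if __name__ == "__main__":
    for src, value in detect(SAMPLE_LOG):
        print(f"ALERT src={src} {PARAM}={value!r}")
```

Because the issue is pre-authentication, any hit from a source outside the management network deserves review regardless of the HTTP response code.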

Added: Sep 16, 2025, 8:20 PM
Updated: Sep 16, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.