Security Advisory

CVE-2019-25577

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-21 15:30:36
Last updated 2026-03-23 16:24:31
Assigner VulnCheck
State PUBLISHED

Description

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with directory traversal sequences in the getcss or getjs parameters to retrieve file contents.
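A detection check for the request pattern described above, added here as an example and not taken from the advisory or from SeoToaster's code: it flags POST requests to the two endpoints whose getcss or getjs value is absolute or climbs out of its starting directory once repeated percent-encoding and backslashes are normalised. The sample requests are constructed, and treating the parameter as a path relative to the theme directory is an assumption.

```python
import posixpath
from urllib.parse import parse_qs, unquote

# Endpoints and parameters named in the advisory.
WATCHED = {
    "/backend/backend_theme/editcss/": "getcss",
    "/backend/backend_theme/editjs/": "getjs",
}

# Constructed sample requests (method, path, form body); not real traffic.
SAMPLES = [
    ("POST", "/backend/backend_theme/editcss/", "getcss=style.css"),
    ("POST", "/backend/backend_theme/editcss/", "getcss=..%2F..%2Fapp.ini"),
    ("POST", "/backend/backend_theme/editjs/", "getjs=%252e%252e%252fapp.ini"),
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) up to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(value):
    """True if the path is absolute or climbs above its starting directory."""
    path = fully_decode(value).replace("\\", "/")
    # Assumption: the parameter is meant to be a relative path in the theme dir.
    if "\x00" in path or path.startswith("/") or path[1:2] == ":":
        return True
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def suspicious(method, path, body):
    """Flag a POST to a watched endpoint whose parameter leaves the base dir."""
    route = path.split("?", 1)[0].rstrip("/") + "/"
    param = WATCHED.get(route)
    if method.upper() != "POST" or param is None:
        return False
    # parse_qs already decodes once; escapes_base handles further layers.
    values = parse_qs(body, keep_blank_values=True).get(param, [])
    return any(escapes_base(v) for v in values)

if __name__ == "__main__":
    for sample in SAMPLES:
        print(suspicious(*sample), sample)
```

A value such as `sub/../style.css` is not flagged because it normalises to a path that stays inside the starting directory.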