Remote file inclusion in ArkSigner AcBakImzala versions before 5.1.4 allows unauthenticated attackers to coerce the PHP application into including attacker-controlled files, resulting in local file inclusion and potential remote code execution. The CVSS 9.8 score reflects network-reachable, no-authentication exploitation with full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
PHP
Information Disclosure
LFI
NVD
VulDB
CVSS 3.1
9.8
EPSS
0.2%