Billey
Monthly
Local File Inclusion in the ThemeMove 'Billey' premium WordPress theme (versions up to and including 2.1.8) lets an authenticated attacker with low privileges control a filename used in a PHP include/require statement, exposing sensitive server-side files such as wp-config.php. Classified by Patchstack under CWE-98 (PHP Remote File Inclusion) but resolving to Local File Inclusion in practice, the flaw carries a CVSS 7.5 rating and no public exploit identified at time of analysis. Under specific conditions PHP file inclusion can escalate from information disclosure toward code execution via techniques such as log poisoning.
Local File Inclusion in the ThemeMove 'Billey' premium WordPress theme (versions up to and including 2.1.8) lets an authenticated attacker with low privileges control a filename used in a PHP include/require statement, exposing sensitive server-side files such as wp-config.php. Classified by Patchstack under CWE-98 (PHP Remote File Inclusion) but resolving to Local File Inclusion in practice, the flaw carries a CVSS 7.5 rating and no public exploit identified at time of analysis. Under specific conditions PHP file inclusion can escalate from information disclosure toward code execution via techniques such as log poisoning.