Gamic
Monthly
Local file inclusion in the ThemeRex Gamic WordPress theme versions 1.15 and earlier allows unauthenticated remote attackers to coerce the PHP application into including arbitrary files via crafted parameters. Successful exploitation can expose sensitive configuration data (including wp-config.php) and, depending on server configuration, may escalate to remote code execution through log poisoning or session-file inclusion. No public exploit identified at time of analysis, and the issue has not been listed in CISA KEV.
Local file inclusion in the ThemeRex Gamic WordPress theme versions 1.15 and earlier allows unauthenticated remote attackers to coerce the PHP application into including arbitrary files via crafted parameters. Successful exploitation can expose sensitive configuration data (including wp-config.php) and, depending on server configuration, may escalate to remote code execution through log poisoning or session-file inclusion. No public exploit identified at time of analysis, and the issue has not been listed in CISA KEV.