PHP
Monthly
Reflected cross-site scripting (XSS) in SourceCodester Loan Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the page parameter in /index.php. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability enables attackers to perform actions on behalf of victims or steal sensitive information, though no patch is currently available.
SourceCodester Modern Image Gallery App 1.0 contains a path traversal vulnerability in the /delete.php file that allows unauthenticated remote attackers to manipulate the filename parameter and access or delete arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability can lead to information disclosure or file deletion on affected systems.
The DisallowedRawHtml extension in PHP Commonmark (league/commonmark) versions prior to 2.8.1 can be bypassed by injecting whitespace characters between HTML tag names and closing brackets, allowing malicious scripts to pass sanitization filters and execute in user browsers. Applications relying solely on this extension to sanitize untrusted markdown input are vulnerable to cross-site scripting attacks, though those using additional HTML sanitizers are unaffected. No patch is currently available for affected versions.
Purchase Button For Affiliate Link (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. [CVSS 7.2 HIGH]
Reflected cross-site scripting (XSS) in Wallos password reset functionality before version 4.6.2 allows unauthenticated attackers to inject malicious scripts by manipulating token and email parameters that are output without sanitization. Public exploit code exists for this vulnerability, affecting self-hosted instances of Wallos. A patch is available in version 4.6.2 and later.
Wallos versions prior to 4.6.2 contain a server-side request forgery (SSRF) vulnerability in the webhook notification testing function that fails to restrict requests to private IP ranges, allowing authenticated attackers to read internal server responses. Public exploit code exists for this vulnerability. The vulnerability affects Wallos and has been patched in version 4.6.2.
The Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisper_register_form() function not restricting user roles that can be set during registration. This makes it possible for authenticated attackers, with Author-level access and above, to create posts/pages with the registration form and administrator set as the role and subsequently use that form to register an a...
Arbitrary PHP code execution in the Easy PHP Settings WordPress plugin through versions 1.0.4 allows authenticated administrators to inject malicious code via inadequately sanitized memory limit configuration parameters that bypass quote filtering in wp-config.php. An attacker with administrator privileges can exploit insufficient input validation in the `update_wp_memory_constants()` method to break out of PHP string context and execute arbitrary commands that execute on every page request. No patch is currently available for this high-severity vulnerability.
PHP object injection in the JS Archive List WordPress plugin (versions up to 6.1.7) allows authenticated contributors and above to deserialize untrusted data through the shortcode 'included' parameter. While no direct exploitation path exists in the plugin itself, attackers could leverage gadget chains from other installed plugins or themes to achieve arbitrary file deletion, information disclosure, or remote code execution. A patch is not currently available.
ZIP Code Based Content Protection (WordPress plugin) versions up to 1.0.2 is affected by sql injection (CVSS 7.5).
Reflected cross-site scripting in GroupOffice installer versions prior to 6.8.155, 25.0.88, and 26.0.10 allows unauthenticated attackers to inject arbitrary scripts through the license parameter in install/license.php. Public exploit code exists for this vulnerability, enabling attackers to execute malicious JavaScript in users' browsers with moderate impact to confidentiality and integrity. The vulnerability requires user interaction and affects the web-accessible installation endpoint.
Missing authorization in Vito server management before 3.20.3. CVSS 9.9.
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. [CVSS 5.3 MEDIUM]
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. [CVSS 8.2 HIGH]
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. [CVSS 8.2 HIGH]
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. [CVSS 8.2 HIGH]
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. [CVSS 8.2 HIGH]
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. [CVSS 8.2 HIGH]
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. [CVSS 7.1 HIGH]
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. [CVSS 5.3 MEDIUM]
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. [CVSS 8.2 HIGH]
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. [CVSS 6.2 MEDIUM]
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. [CVSS 8.2 HIGH]
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. [CVSS 7.5 HIGH]
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. [CVSS 5.3 MEDIUM]
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. [CVSS 8.2 HIGH]
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. [CVSS 5.3 MEDIUM]
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. [CVSS 8.2 HIGH]
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. [CVSS 8.2 HIGH]
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. [CVSS 8.2 HIGH]
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. [CVSS 8.2 HIGH]
Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. [CVSS 7.1 HIGH]
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. [CVSS 8.2 HIGH]
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. [CVSS 6.5 MEDIUM]
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. [CVSS 8.2 HIGH]
ParseGamestate.php in Talishar allows unauthenticated remote attackers to read arbitrary files through path traversal in the gameName parameter when the script is accessed directly, bypassing input validation present in primary application entry points. An attacker can exploit this vulnerability to access sensitive files on the affected server without authentication or user interaction. No patch is currently available for this vulnerability.
Memcached session storage exposure in AVideo prior to version 24.0 allows unauthenticated remote attackers to read, modify, or delete user sessions by accessing the publicly exposed memcached service on port 11211. An attacker with network access to this port can hijack admin accounts, impersonate users, or destroy all active sessions without any authentication. This affects the official Docker deployment configuration for PHP, Docker, and AVideo products.
Unauthenticated administrators in WWBN AVideo versions before 24.0 can achieve remote code execution by uploading malicious ZIP files through the plugin upload functionality, which extracts files without proper validation into web-accessible directories. This allows attackers to execute arbitrary PHP code on the server with high impact to confidentiality, integrity, and availability. No patch is currently available for affected PHP installations using vulnerable AVideo versions.
Unauthenticated SQL injection in AVideo before 24.0.
SQL injection in DefaultFunction Jeson CRM 1.0.0 allows authenticated attackers to manipulate the ID parameter in /modules/customers/edit.php and execute arbitrary SQL queries, potentially compromising data confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available despite the identified fix commit hash.
Reflected cross-site scripting in HSC Cybersecurity Mailinspector through version 5.3.2-3 allows remote attackers to inject malicious scripts via the error_description parameter in the URL handler component. Public exploit code exists for this vulnerability, which could enable attackers to steal session cookies or perform actions on behalf of authenticated users. Users should upgrade to version 5.4.0 or apply the available hotfix immediately.
PHP Object Injection in Database for CF7/WPforms/Elementor forms WordPress plugin.
Local file inclusion in axiomthemes Little Birdies plugin version 1.3.16 and earlier enables unauthenticated remote attackers to read arbitrary files from the server through improper input validation on file inclusion parameters. An attacker can exploit this vulnerability to access sensitive configuration files, source code, or other data without authentication. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Verse PHP theme versions 1.7.0 and earlier allows unauthenticated attackers to read arbitrary files on the server through improper input validation on file inclusion functions. The vulnerability requires specific conditions for exploitation but carries high impact potential including confidentiality and integrity compromise. No patch is currently available.
Local file inclusion in AncoraThemes Midi through version 1.14 enables unauthenticated remote attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file paths in PHP include/require statements, allowing attackers to traverse directories and access sensitive data. Currently no patch is available for this vulnerability.
AncoraThemes Notarius through version 1.9 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this high-severity flaw.
AncoraThemes Veil through version 1.9 contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on the affected server. The vulnerability stems from improper input validation on file include/require statements, enabling attackers to manipulate filename parameters to access sensitive system files. While no patch is currently available, the exploit requires specific conditions (high complexity) to successfully leverage.
Local and remote file inclusion in AncoraThemes Anderson through version 1.4.2 enables attackers to read arbitrary files or execute malicious code on affected systems. The vulnerability stems from improper validation of file paths in PHP include/require statements, allowing unauthenticated attackers to manipulate input parameters over the network. No patch is currently available for this high-severity issue affecting PHP-based installations.
Local file inclusion in ThemeREX Dr.Patterson plugin versions up to 1.3.2 enables unauthenticated attackers to read arbitrary files from the server through improper input validation on file inclusion parameters. The vulnerability allows information disclosure and potential code execution depending on server configuration and accessible files. No patch is currently available for this vulnerability.
Axiomthemes Nirvana version 2.6 and earlier contains a local file inclusion vulnerability in its PHP include/require handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper filename validation and could enable information disclosure or facilitate further compromise, though no patch is currently available. With a CVSS score of 8.1 and low exploitation likelihood (0.2% EPSS), organizations running affected versions should prioritize mitigation strategies until an official patch is released.
The Welldone WordPress theme through version 2.4 contains a local file inclusion vulnerability in its PHP include/require handling that enables unauthenticated remote attackers to read arbitrary files from the affected server. With a CVSS score of 8.1, this vulnerability allows full compromise of confidentiality and integrity without requiring user interaction. No patch is currently available, making immediate mitigation through other means necessary.
Local file inclusion in axiomthemes Smart SEO plugin version 2.9 and earlier enables unauthenticated attackers to read arbitrary files from the server through improper input validation in PHP include/require statements. With a CVSS score of 8.1, this vulnerability allows attackers to access sensitive configuration files and potentially execute arbitrary code by including malicious files. No patch is currently available, leaving affected installations vulnerable to active exploitation.
ThemeREX Muzicon through version 1.9.0 contains a local file inclusion vulnerability in its PHP include/require handling that enables unauthenticated remote attackers to read arbitrary files from the server. The vulnerability requires specific conditions to exploit (CVSS 8.1) but carries high confidentiality and integrity impact. No patch is currently available for affected installations.
Local file inclusion in ThemeREX Save Life WordPress plugin version 1.2.13 and earlier enables unauthenticated attackers to read arbitrary files from the server through improper input validation on file include operations. This HIGH severity vulnerability (CVSS 8.1) allows attackers to access sensitive configuration files and potentially escalate to remote code execution, with no patch currently available.
ThemeREX Artrium through version 1.0.14 contains a local file inclusion vulnerability in its PHP include/require statement handling that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper input validation on filename parameters, potentially enabling attackers to access sensitive configuration files or source code. No patch is currently available for this HIGH severity issue.
ThemeREX WealthCo version 2.18 and earlier contains a local file inclusion vulnerability in its PHP program that allows unauthenticated attackers to read arbitrary files on the server through improper handling of include/require statements. An attacker can exploit this weakness to access sensitive configuration files, source code, or other protected data without authentication. No patch is currently available for this vulnerability.
ThemeREX Marcell through version 1.2.14 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated attackers to read arbitrary files from the affected system. The vulnerability stems from improper validation of filenames in include/require statements, allowing attackers to traverse the filesystem and access sensitive data. No patch is currently available for this high-severity issue.
ThemeREX RexCoin through version 1.2.6 contains a local file inclusion vulnerability in its PHP file handling that permits unauthenticated remote attackers to read arbitrary files from the server. The network-accessible vulnerability requires no user interaction and carries a high severity rating (CVSS 8.1), though a patch is not currently available. Attackers can exploit this to access sensitive configuration files and potentially execute code depending on system permissions.
ThemeREX Ozisti through version 1.1.10 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The improper control of filename parameters in include/require statements enables exploitation without user interaction, though exploitation complexity is moderate. No patch is currently available for this vulnerability.
ThemeREX Sounder plugin through version 1.3.11 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. An attacker can exploit this by manipulating include/require statements to access sensitive files outside the intended directory. No patch is currently available, and exploitation requires specific conditions but carries high impact potential including information disclosure and possible code execution.
ThemeREX Coleo plugin versions 1.1.7 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated attackers to read arbitrary files from the affected server. The improper validation of include/require statements enables attackers to access sensitive configuration files and potentially execute code by including malicious files. No patch is currently available for this vulnerability.
ThemeREX Gamezone plugin for PHP versions 1.1.11 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. The flaw stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive information. No patch is currently available for this vulnerability.
ThemeREX Daiquiri through version 1.2.4 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, potentially enabling attackers to access sensitive configuration files or source code. No patch is currently available for this vulnerability, though public exploitation remains limited at this time.
ThemeREX Aqualots through version 1.1.6 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of filename parameters in include/require statements, enabling attackers to traverse directories and access sensitive data. No patch is currently available for this issue.
Improper input validation in ThemeREX Filmax versions up to 1.1.11 allows unauthenticated attackers to include and execute arbitrary local files through PHP include/require statements, potentially leading to remote code execution. An attacker can exploit this vulnerability over the network without user interaction to read sensitive files or execute malicious code with the privileges of the web server. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Run Gran up to version 2.0 allows unauthenticated attackers to read arbitrary files from the affected system through improper handling of file include/require statements in PHP. With a CVSS score of 8.1, this vulnerability enables confidentiality and integrity compromise, though currently no patch is available.
ThemeREX Mahogany through version 2.9 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file inclusion parameters, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this vulnerability.
ThemeREX Bazinga version 1.1.9 and earlier contains a local file inclusion vulnerability in its PHP include/require statement handling that could allow an attacker to read sensitive files on affected systems. The vulnerability has a high CVSS score of 8.1 and impacts confidentiality, integrity, and availability, though no patch is currently available.
ThemeREX Windsor through version 2.5.0 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames used in PHP include/require statements, enabling attackers to access sensitive system files and application data. No patch is currently available for this high-severity issue.
PHP Local File Inclusion in axiomthemes Conquerors through version 1.2.13 enables attackers to read arbitrary files on affected systems through improper validation of file include/require statements. The vulnerability requires network access but no authentication or user interaction, allowing unauthorized information disclosure and potential code execution. No patch is currently available for this issue.
ThemeREX Vapester versions 1.1.10 and earlier contain a local file inclusion vulnerability in their PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper input validation on filename parameters, enabling attackers to traverse the filesystem and access sensitive configuration files or source code. Currently, no patch is available for this vulnerability.
ThemeREX Le Truffe versions 1.1.7 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive data without authentication. No patch is currently available for this vulnerability.
ThemeREX Rhythmo versions 1.3.4 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The flaw stems from improper validation of include/require statements, enabling attackers to access sensitive information without authentication or user interaction. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
Local file inclusion in ThemeREX Bassein through version 1.0.15 enables unauthenticated attackers to read arbitrary files on affected servers via improper input validation in file inclusion functions. The vulnerability allows attackers with network access to disclose sensitive configuration files, credentials, and source code without authentication. No patch is currently available, leaving affected installations at risk until an update is released.
Local file inclusion in ThemeREX Legrand through version 2.17 allows unauthenticated attackers to read arbitrary files on the server due to improper validation of include/require statements in PHP. An attacker can exploit this vulnerability over the network without user interaction to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.
ThemeREX Eject plugin versions 2.17 and earlier for PHP contains a local file inclusion vulnerability that allows attackers to read arbitrary files on the server through improper handling of file include statements. An unauthenticated remote attacker can exploit this over the network to access sensitive files or potentially achieve code execution depending on server configuration. No patch is currently available for this vulnerability.
ThemeREX Edge Decor plugin versions 2.2 and earlier contain a local file inclusion vulnerability in PHP that enables attackers to read sensitive files from the affected server without authentication. The improper handling of file inclusion parameters allows remote adversaries to access arbitrary local files, potentially exposing configuration data, credentials, or other sensitive information. No patch is currently available for this vulnerability.
ThemeREX Asia Garden plugin version 1.3.1 and earlier for PHP contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to access sensitive configuration files and other restricted data. No patch is currently available for this high-severity issue affecting websites using vulnerable versions of the plugin.
ThemeREX Happy Baby WordPress theme through version 1.2.12 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated attackers to read arbitrary files from the server. The improper validation of filenames in include/require statements allows an attacker with network access to exploit this weakness without user interaction. Currently no patch is available, though the vulnerability has a relatively low exploitation probability of 0.2%.
ThemeREX Tiger Claw plugin through version 1.1.14 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated remote attackers to read arbitrary files from the server. The weak filename validation allows attackers to manipulate include/require statements to access sensitive data such as configuration files containing database credentials or private keys. No patch is currently available, and exploitation requires moderate attack complexity but poses high risk to confidentiality and integrity of affected systems.
Local file inclusion in ThemeREX S.King through version 1.5.3 enables unauthenticated attackers to read arbitrary files from the server through improper handling of include/require statements in PHP. This high-severity vulnerability (CVSS 8.1) allows disclosure of sensitive information and potential code execution, with no patch currently available.
ThemeREX Dermatology Clinic plugin for PHP versions up to 1.4.3 contains a local file inclusion vulnerability in its filename handling logic that allows unauthenticated attackers to read sensitive files from the server. An attacker can exploit this vulnerability over the network without user interaction to access arbitrary files and potentially execute code on affected systems. No patch is currently available, and exploitation attempts have a low probability of success due to high attack complexity.
ThemeREX Dixon versions up to 1.4.2.1 contain a local file inclusion vulnerability in PHP that enables attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit this weakness to access sensitive information and potentially execute arbitrary code by manipulating file inclusion parameters. No patch is currently available for this vulnerability.
ThemeREX Mandala through version 2.8 contains a local file inclusion vulnerability in PHP that permits unauthenticated attackers to read arbitrary files from the affected server. An attacker can exploit improper filename validation in include/require statements to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.
ThemeREX MCKinney's Politics plugin versions up to 1.2.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on affected servers. The flaw stems from improper validation of file paths in PHP include/require statements, enabling attackers to access sensitive configuration files and potentially execute code. No patch is currently available for this vulnerability.
ThemeREX M.Williamson versions 1.2.11 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive system files. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Legal Stone PHP plugin through version 1.2.11 enables attackers to read sensitive files from the affected server without authentication. The vulnerability stems from improper validation of file paths in include/require statements, allowing an attacker to traverse directories and access arbitrary files on the system. With a CVSS score of 8.1 and no patch currently available, affected installations face high risk of information disclosure.
Reflected cross-site scripting (XSS) in SourceCodester Loan Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the page parameter in /index.php. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability enables attackers to perform actions on behalf of victims or steal sensitive information, though no patch is currently available.
SourceCodester Modern Image Gallery App 1.0 contains a path traversal vulnerability in the /delete.php file that allows unauthenticated remote attackers to manipulate the filename parameter and access or delete arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability can lead to information disclosure or file deletion on affected systems.
The DisallowedRawHtml extension in PHP Commonmark (league/commonmark) versions prior to 2.8.1 can be bypassed by injecting whitespace characters between HTML tag names and closing brackets, allowing malicious scripts to pass sanitization filters and execute in user browsers. Applications relying solely on this extension to sanitize untrusted markdown input are vulnerable to cross-site scripting attacks, though those using additional HTML sanitizers are unaffected. No patch is currently available for affected versions.
Purchase Button For Affiliate Link (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. [CVSS 7.2 HIGH]
Reflected cross-site scripting (XSS) in Wallos password reset functionality before version 4.6.2 allows unauthenticated attackers to inject malicious scripts by manipulating token and email parameters that are output without sanitization. Public exploit code exists for this vulnerability, affecting self-hosted instances of Wallos. A patch is available in version 4.6.2 and later.
Wallos versions prior to 4.6.2 contain a server-side request forgery (SSRF) vulnerability in the webhook notification testing function that fails to restrict requests to private IP ranges, allowing authenticated attackers to read internal server responses. Public exploit code exists for this vulnerability. The vulnerability affects Wallos and has been patched in version 4.6.2.
The Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisper_register_form() function not restricting user roles that can be set during registration. This makes it possible for authenticated attackers, with Author-level access and above, to create posts/pages with the registration form and administrator set as the role and subsequently use that form to register an a...
Arbitrary PHP code execution in the Easy PHP Settings WordPress plugin through versions 1.0.4 allows authenticated administrators to inject malicious code via inadequately sanitized memory limit configuration parameters that bypass quote filtering in wp-config.php. An attacker with administrator privileges can exploit insufficient input validation in the `update_wp_memory_constants()` method to break out of PHP string context and execute arbitrary commands that execute on every page request. No patch is currently available for this high-severity vulnerability.
PHP object injection in the JS Archive List WordPress plugin (versions up to 6.1.7) allows authenticated contributors and above to deserialize untrusted data through the shortcode 'included' parameter. While no direct exploitation path exists in the plugin itself, attackers could leverage gadget chains from other installed plugins or themes to achieve arbitrary file deletion, information disclosure, or remote code execution. A patch is not currently available.
ZIP Code Based Content Protection (WordPress plugin) versions up to 1.0.2 is affected by sql injection (CVSS 7.5).
Reflected cross-site scripting in GroupOffice installer versions prior to 6.8.155, 25.0.88, and 26.0.10 allows unauthenticated attackers to inject arbitrary scripts through the license parameter in install/license.php. Public exploit code exists for this vulnerability, enabling attackers to execute malicious JavaScript in users' browsers with moderate impact to confidentiality and integrity. The vulnerability requires user interaction and affects the web-accessible installation endpoint.
Missing authorization in Vito server management before 3.20.3. CVSS 9.9.
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. [CVSS 5.3 MEDIUM]
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. [CVSS 8.2 HIGH]
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. [CVSS 8.2 HIGH]
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. [CVSS 8.2 HIGH]
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. [CVSS 8.2 HIGH]
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. [CVSS 8.2 HIGH]
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. [CVSS 7.1 HIGH]
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. [CVSS 5.3 MEDIUM]
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. [CVSS 8.2 HIGH]
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. [CVSS 6.2 MEDIUM]
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. [CVSS 8.2 HIGH]
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. [CVSS 7.5 HIGH]
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. [CVSS 5.3 MEDIUM]
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. [CVSS 8.2 HIGH]
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. [CVSS 5.3 MEDIUM]
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. [CVSS 8.2 HIGH]
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. [CVSS 8.2 HIGH]
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. [CVSS 8.2 HIGH]
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. [CVSS 8.2 HIGH]
Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. [CVSS 7.1 HIGH]
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. [CVSS 8.2 HIGH]
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. [CVSS 6.5 MEDIUM]
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. [CVSS 8.2 HIGH]
ParseGamestate.php in Talishar allows unauthenticated remote attackers to read arbitrary files through path traversal in the gameName parameter when the script is accessed directly, bypassing input validation present in primary application entry points. An attacker can exploit this vulnerability to access sensitive files on the affected server without authentication or user interaction. No patch is currently available for this vulnerability.
Memcached session storage exposure in AVideo prior to version 24.0 allows unauthenticated remote attackers to read, modify, or delete user sessions by accessing the publicly exposed memcached service on port 11211. An attacker with network access to this port can hijack admin accounts, impersonate users, or destroy all active sessions without any authentication. This affects the official Docker deployment configuration for PHP, Docker, and AVideo products.
Unauthenticated administrators in WWBN AVideo versions before 24.0 can achieve remote code execution by uploading malicious ZIP files through the plugin upload functionality, which extracts files without proper validation into web-accessible directories. This allows attackers to execute arbitrary PHP code on the server with high impact to confidentiality, integrity, and availability. No patch is currently available for affected PHP installations using vulnerable AVideo versions.
Unauthenticated SQL injection in AVideo before 24.0.
SQL injection in DefaultFunction Jeson CRM 1.0.0 allows authenticated attackers to manipulate the ID parameter in /modules/customers/edit.php and execute arbitrary SQL queries, potentially compromising data confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available despite the identified fix commit hash.
Reflected cross-site scripting in HSC Cybersecurity Mailinspector through version 5.3.2-3 allows remote attackers to inject malicious scripts via the error_description parameter in the URL handler component. Public exploit code exists for this vulnerability, which could enable attackers to steal session cookies or perform actions on behalf of authenticated users. Users should upgrade to version 5.4.0 or apply the available hotfix immediately.
PHP Object Injection in Database for CF7/WPforms/Elementor forms WordPress plugin.
Local file inclusion in axiomthemes Little Birdies plugin version 1.3.16 and earlier enables unauthenticated remote attackers to read arbitrary files from the server through improper input validation on file inclusion parameters. An attacker can exploit this vulnerability to access sensitive configuration files, source code, or other data without authentication. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Verse PHP theme versions 1.7.0 and earlier allows unauthenticated attackers to read arbitrary files on the server through improper input validation on file inclusion functions. The vulnerability requires specific conditions for exploitation but carries high impact potential including confidentiality and integrity compromise. No patch is currently available.
Local file inclusion in AncoraThemes Midi through version 1.14 enables unauthenticated remote attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file paths in PHP include/require statements, allowing attackers to traverse directories and access sensitive data. Currently no patch is available for this vulnerability.
AncoraThemes Notarius through version 1.9 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this high-severity flaw.
AncoraThemes Veil through version 1.9 contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on the affected server. The vulnerability stems from improper input validation on file include/require statements, enabling attackers to manipulate filename parameters to access sensitive system files. While no patch is currently available, the exploit requires specific conditions (high complexity) to successfully leverage.
Local and remote file inclusion in AncoraThemes Anderson through version 1.4.2 enables attackers to read arbitrary files or execute malicious code on affected systems. The vulnerability stems from improper validation of file paths in PHP include/require statements, allowing unauthenticated attackers to manipulate input parameters over the network. No patch is currently available for this high-severity issue affecting PHP-based installations.
Local file inclusion in ThemeREX Dr.Patterson plugin versions up to 1.3.2 enables unauthenticated attackers to read arbitrary files from the server through improper input validation on file inclusion parameters. The vulnerability allows information disclosure and potential code execution depending on server configuration and accessible files. No patch is currently available for this vulnerability.
Axiomthemes Nirvana version 2.6 and earlier contains a local file inclusion vulnerability in its PHP include/require handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper filename validation and could enable information disclosure or facilitate further compromise, though no patch is currently available. With a CVSS score of 8.1 and low exploitation likelihood (0.2% EPSS), organizations running affected versions should prioritize mitigation strategies until an official patch is released.
The Welldone WordPress theme through version 2.4 contains a local file inclusion vulnerability in its PHP include/require handling that enables unauthenticated remote attackers to read arbitrary files from the affected server. With a CVSS score of 8.1, this vulnerability allows full compromise of confidentiality and integrity without requiring user interaction. No patch is currently available, making immediate mitigation through other means necessary.
Local file inclusion in axiomthemes Smart SEO plugin version 2.9 and earlier enables unauthenticated attackers to read arbitrary files from the server through improper input validation in PHP include/require statements. With a CVSS score of 8.1, this vulnerability allows attackers to access sensitive configuration files and potentially execute arbitrary code by including malicious files. No patch is currently available, leaving affected installations vulnerable to active exploitation.
ThemeREX Muzicon through version 1.9.0 contains a local file inclusion vulnerability in its PHP include/require handling that enables unauthenticated remote attackers to read arbitrary files from the server. The vulnerability requires specific conditions to exploit (CVSS 8.1) but carries high confidentiality and integrity impact. No patch is currently available for affected installations.
Local file inclusion in ThemeREX Save Life WordPress plugin version 1.2.13 and earlier enables unauthenticated attackers to read arbitrary files from the server through improper input validation on file include operations. This HIGH severity vulnerability (CVSS 8.1) allows attackers to access sensitive configuration files and potentially escalate to remote code execution, with no patch currently available.
ThemeREX Artrium through version 1.0.14 contains a local file inclusion vulnerability in its PHP include/require statement handling that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper input validation on filename parameters, potentially enabling attackers to access sensitive configuration files or source code. No patch is currently available for this HIGH severity issue.
ThemeREX WealthCo version 2.18 and earlier contains a local file inclusion vulnerability in its PHP program that allows unauthenticated attackers to read arbitrary files on the server through improper handling of include/require statements. An attacker can exploit this weakness to access sensitive configuration files, source code, or other protected data without authentication. No patch is currently available for this vulnerability.
ThemeREX Marcell through version 1.2.14 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated attackers to read arbitrary files from the affected system. The vulnerability stems from improper validation of filenames in include/require statements, allowing attackers to traverse the filesystem and access sensitive data. No patch is currently available for this high-severity issue.
ThemeREX RexCoin through version 1.2.6 contains a local file inclusion vulnerability in its PHP file handling that permits unauthenticated remote attackers to read arbitrary files from the server. The network-accessible vulnerability requires no user interaction and carries a high severity rating (CVSS 8.1), though a patch is not currently available. Attackers can exploit this to access sensitive configuration files and potentially execute code depending on system permissions.
ThemeREX Ozisti through version 1.1.10 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The improper control of filename parameters in include/require statements enables exploitation without user interaction, though exploitation complexity is moderate. No patch is currently available for this vulnerability.
ThemeREX Sounder plugin through version 1.3.11 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. An attacker can exploit this by manipulating include/require statements to access sensitive files outside the intended directory. No patch is currently available, and exploitation requires specific conditions but carries high impact potential including information disclosure and possible code execution.
ThemeREX Coleo plugin versions 1.1.7 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated attackers to read arbitrary files from the affected server. The improper validation of include/require statements enables attackers to access sensitive configuration files and potentially execute code by including malicious files. No patch is currently available for this vulnerability.
ThemeREX Gamezone plugin for PHP versions 1.1.11 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. The flaw stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive information. No patch is currently available for this vulnerability.
ThemeREX Daiquiri through version 1.2.4 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, potentially enabling attackers to access sensitive configuration files or source code. No patch is currently available for this vulnerability, though public exploitation remains limited at this time.
ThemeREX Aqualots through version 1.1.6 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of filename parameters in include/require statements, enabling attackers to traverse directories and access sensitive data. No patch is currently available for this issue.
Improper input validation in ThemeREX Filmax versions up to 1.1.11 allows unauthenticated attackers to include and execute arbitrary local files through PHP include/require statements, potentially leading to remote code execution. An attacker can exploit this vulnerability over the network without user interaction to read sensitive files or execute malicious code with the privileges of the web server. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Run Gran up to version 2.0 allows unauthenticated attackers to read arbitrary files from the affected system through improper handling of file include/require statements in PHP. With a CVSS score of 8.1, this vulnerability enables confidentiality and integrity compromise, though currently no patch is available.
ThemeREX Mahogany through version 2.9 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file inclusion parameters, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this vulnerability.
ThemeREX Bazinga version 1.1.9 and earlier contains a local file inclusion vulnerability in its PHP include/require statement handling that could allow an attacker to read sensitive files on affected systems. The vulnerability has a high CVSS score of 8.1 and impacts confidentiality, integrity, and availability, though no patch is currently available.
ThemeREX Windsor through version 2.5.0 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames used in PHP include/require statements, enabling attackers to access sensitive system files and application data. No patch is currently available for this high-severity issue.
PHP Local File Inclusion in axiomthemes Conquerors through version 1.2.13 enables attackers to read arbitrary files on affected systems through improper validation of file include/require statements. The vulnerability requires network access but no authentication or user interaction, allowing unauthorized information disclosure and potential code execution. No patch is currently available for this issue.
ThemeREX Vapester versions 1.1.10 and earlier contain a local file inclusion vulnerability in their PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper input validation on filename parameters, enabling attackers to traverse the filesystem and access sensitive configuration files or source code. Currently, no patch is available for this vulnerability.
ThemeREX Le Truffe versions 1.1.7 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive data without authentication. No patch is currently available for this vulnerability.
ThemeREX Rhythmo versions 1.3.4 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The flaw stems from improper validation of include/require statements, enabling attackers to access sensitive information without authentication or user interaction. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
Local file inclusion in ThemeREX Bassein through version 1.0.15 enables unauthenticated attackers to read arbitrary files on affected servers via improper input validation in file inclusion functions. The vulnerability allows attackers with network access to disclose sensitive configuration files, credentials, and source code without authentication. No patch is currently available, leaving affected installations at risk until an update is released.
Local file inclusion in ThemeREX Legrand through version 2.17 allows unauthenticated attackers to read arbitrary files on the server due to improper validation of include/require statements in PHP. An attacker can exploit this vulnerability over the network without user interaction to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.
ThemeREX Eject plugin versions 2.17 and earlier for PHP contains a local file inclusion vulnerability that allows attackers to read arbitrary files on the server through improper handling of file include statements. An unauthenticated remote attacker can exploit this over the network to access sensitive files or potentially achieve code execution depending on server configuration. No patch is currently available for this vulnerability.
ThemeREX Edge Decor plugin versions 2.2 and earlier contain a local file inclusion vulnerability in PHP that enables attackers to read sensitive files from the affected server without authentication. The improper handling of file inclusion parameters allows remote adversaries to access arbitrary local files, potentially exposing configuration data, credentials, or other sensitive information. No patch is currently available for this vulnerability.
ThemeREX Asia Garden plugin version 1.3.1 and earlier for PHP contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to access sensitive configuration files and other restricted data. No patch is currently available for this high-severity issue affecting websites using vulnerable versions of the plugin.
ThemeREX Happy Baby WordPress theme through version 1.2.12 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated attackers to read arbitrary files from the server. The improper validation of filenames in include/require statements allows an attacker with network access to exploit this weakness without user interaction. Currently no patch is available, though the vulnerability has a relatively low exploitation probability of 0.2%.
ThemeREX Tiger Claw plugin through version 1.1.14 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated remote attackers to read arbitrary files from the server. The weak filename validation allows attackers to manipulate include/require statements to access sensitive data such as configuration files containing database credentials or private keys. No patch is currently available, and exploitation requires moderate attack complexity but poses high risk to confidentiality and integrity of affected systems.
Local file inclusion in ThemeREX S.King through version 1.5.3 enables unauthenticated attackers to read arbitrary files from the server through improper handling of include/require statements in PHP. This high-severity vulnerability (CVSS 8.1) allows disclosure of sensitive information and potential code execution, with no patch currently available.
ThemeREX Dermatology Clinic plugin for PHP versions up to 1.4.3 contains a local file inclusion vulnerability in its filename handling logic that allows unauthenticated attackers to read sensitive files from the server. An attacker can exploit this vulnerability over the network without user interaction to access arbitrary files and potentially execute code on affected systems. No patch is currently available, and exploitation attempts have a low probability of success due to high attack complexity.
ThemeREX Dixon versions up to 1.4.2.1 contain a local file inclusion vulnerability in PHP that enables attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit this weakness to access sensitive information and potentially execute arbitrary code by manipulating file inclusion parameters. No patch is currently available for this vulnerability.
ThemeREX Mandala through version 2.8 contains a local file inclusion vulnerability in PHP that permits unauthenticated attackers to read arbitrary files from the affected server. An attacker can exploit improper filename validation in include/require statements to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.
ThemeREX MCKinney's Politics plugin versions up to 1.2.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on affected servers. The flaw stems from improper validation of file paths in PHP include/require statements, enabling attackers to access sensitive configuration files and potentially execute code. No patch is currently available for this vulnerability.
ThemeREX M.Williamson versions 1.2.11 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive system files. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Legal Stone PHP plugin through version 1.2.11 enables attackers to read sensitive files from the affected server without authentication. The vulnerability stems from improper validation of file paths in include/require statements, allowing an attacker to traverse directories and access arbitrary files on the system. With a CVSS score of 8.1 and no patch currently available, affected installations face high risk of information disclosure.