EUVD-2025-204164

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects Palatio: from n/a through = 1.6...

EUVD-2025-204176

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through = 1.8.0...

EUVD-2025-204224

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Femme femme allows PHP Local File Inclusion.This issue affects Femme: from n/a through = 1.3.11...

PT-2025-52027

Name of the Vulnerable Software and Affected Versions AncoraThemes Emberlyn versions through 1.3.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2025-52031

Name of the Vulnerable Software and Affected Versions axiomthemes Plan My Day versions through 1.1.13 Description An issue exists in axiomthemes Plan My Day that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This could allow for unauthoriz...

PT-2025-52117

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Winger winger allows PHP Local File Inclusion.This issue affects Winger: from n/a through = 1.0.16...

PT-2025-52075

Name of the Vulnerable Software and Affected Versions axiomthemes Critique versions through 1.17 Description A flaw exists in axiomthemes Critique that allows for PHP Local File Inclusion due to an improper control of filename for include/require statement. This issue is related to a 'PHP Remote...

PT-2025-52068

Name of the Vulnerable Software and Affected Versions axiomthemes Good Mood versions through 1.16 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...

Webedition CMS 安全漏洞

Webedition CMS is an open source web application framework from German company Webedition. A security vulnerability exists in Webedition CMS version v2.9.8.8, which stems from the presence of a remote code execution vulnerability that could lead to the creation of injected system commands via PHP...

CVE-2025-67532

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through = 1.2.17...

EUVD-2025-198439

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

CVE-2025-58994 WordPress Greenify theme <= 2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in designervily Greenify greenify allows PHP Local File Inclusion.This issue affects Greenify: from n/a through = 2.2...

PT-2025-45258

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Processby Responsive Sidebar responsive-sidebar allows PHP Local File Inclusion.This issue affects Responsive Sidebar: from n/a through = 1.2.2...

CVE-2025-8871

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by kr0no in WordPress Plugin WP Maps versions = 4.8.6...

CVE-2020-36863

Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An...

CVE-2025-62524

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

PT-2025-44037

Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, reveals the PHP version through the X-Powered-By header. This information disclosure allows attackers to fingerprint the server and identify potential exploits. The...