8789 matches found

RedhatCVE | added 2025/11/07 5:33 p.m. | 4 views

CVE-2025-60193

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion. This issue affects Premmerce User Roles: from n/a through = 1.0.13...

CVSS 7.5 | AI score 7.1 | EPSS 0.00362 | Exploits 0 | References 1

RedhatCVE | added 2025/11/07 5:33 p.m. | 3 views

CVE-2025-60240

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion. This issue affects AnyComment: from n/a through = 0.3.6...

CVSS 7.5 | AI score 7.1 | EPSS 0.00362 | Exploits 0 | References 1

RedhatCVE | added 2025/11/07 5:33 p.m. | 3 views

CVE-2025-60203

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows PHP Local File Inclusion. This issue affects Store Exporter: from n/a through = 2.7.6...

CVSS 7.5 | AI score 7.1 | EPSS 0.00362 | Exploits 0 | References 1

RedhatCVE | added 2025/11/07 5:32 p.m. | 4 views

CVE-2025-64287

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Alloggio - Hotel Booking alloggio allows PHP Local File Inclusion. This issue affects Alloggio - Hotel Booking: from n/a through = 1.8...

CVSS 8.1 | AI score 7.1 | EPSS 0.0035 | Exploits 0 | References 1

RedhatCVE | added 2025/11/07 5:32 p.m. | 5 views

CVE-2025-62055

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Academist academist. This issue affects Academist: from n/a through 1.3...

CVSS 8.1 | AI score 7.1 | EPSS 0.00347 | Exploits 0 | References 1

RedhatCVE | added 2025/11/07 5:32 p.m. | 3 views

CVE-2025-62053

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez houzez. This issue affects Houzez: from n/a through 4.2.0...

CVSS 8.1 | AI score 7.1 | EPSS 0.00347 | Exploits 0 | References 1

RedhatCVE | added 2025/11/07 5:32 p.m. | 3 views

CVE-2025-62045

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements. This issue affects TheGem Theme Elements for WPBakery: from n/a through = 5.10.5.1...

CVSS 8.1 | AI score 7.1 | EPSS 0.00433 | Exploits 0 | References 1

NVD | added 2025/11/07 5:15 p.m. | 8 views

CVE-2025-57698

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validi...

CVSS 7.5 | EPSS 0.00675 | Exploits 1 | References 1

RedhatCVE | added 2025/11/07 3:54 p.m. | 2 views

CVE-2025-48330

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusion. This issue affects Real Time Validation for Gravity Forms...

CVSS 7.5 | AI score 7.1 | EPSS 0.00352 | Exploits 0 | References 1

RedhatCVE | added 2025/11/07 3:54 p.m. | 4 views

CVE-2025-39468

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pantherius Modal Survey modal-survey. This issue affects Modal Survey: from n/a through = 2.0.2.0.1...

CVSS 8.1 | AI score 7.1 | EPSS 0.00551 | Exploits 0 | References 1

Positive Technologies | added 2025/11/07 12:0 a.m. | 8 views

PT-2025-45469

Name of the Vulnerable Software and Affected Versions: AstrBot Project version 3.5.22. Description: The software contains a directory traversal issue. The install plugin upload function within the '/plugin/install-upload' interface directly uses a filename from the request body, assigning it to the...

CVSS 8.7 | AI score 6.6 | EPSS 0.00675 | Exploits 1 | References 10

Cvelist | added 2025/11/07 12:0 a.m. | 9 views

CVE-2025-57698

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validi...

EPSS 0.00675 | Exploits 1 | References 1

CVE | added 2025/11/07 12:0 a.m. | 17 views

CVE-2025-57698

AstrBot Project v3.5.22 is affected by a directory traversal vulnerability in the install_plugin_upload handler at /plugin/install-upload. The code parses the filename from the request body and assigns it directly to file_path without validation, then passes file_path to file.save, enabling an at...

CVSS 7.5 | AI score 6.6 | EPSS 0.00675 | Exploits 1 | References 1 | Affected Software 1

Vulnrichment | added 2025/11/07 12:0 a.m. | 2 views

CVE-2025-57698

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validi...

AI score 6.3 | EPSS 0.00675 | Exploits 1 | References 1

CNNVD | added 2025/11/07 12:0 a.m. | 4 views

AstrBot security vulnerability

AstrBot is a multi-platform LLM chatbot and development framework open-sourced by AstrBot. A security vulnerability exists in AstrBot version v3.5.22, which stems from an incorrect manipulation of the parameter filename in the file /plugin/install-upload, which could lead to a directory traversal...

CVSS 7.5 | AI score 6.3 | EPSS 0.00675 | Exploits 1 | References 1

OSV | added 2025/11/06 8:15 p.m. | 3 views

CVE-2025-34239

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

CVSS 7.2 | AI score 6 | EPSS 0.01581 | Exploits 0 | References 3

NVD | added 2025/11/06 8:15 p.m. | 5 views

CVE-2025-34239

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

CVSS 8.6 | EPSS 0.01581 | Exploits 0 | References 3

Vulnrichment | added 2025/11/06 7:44 p.m. | 3 views

CVE-2025-34239 Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

CVSS 8.6 | AI score 7.6 | EPSS 0.01581 | Exploits 0 | References 3

CVE | added 2025/11/06 7:44 p.m. | 11 views

CVE-2025-34239

CVE-2025-34239 affects Advantech WebAccess/VPN before version 1.1.5. A command injection exists in AppManagementController.appUpgradeAction(), allowing an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename. V...

CVSS 8.6 | AI score 7.6 | EPSS 0.01581 | Exploits 0 | References 3 | Affected Software 1

EUVD | added 2025/11/06 6:32 p.m. | 4 views

EUVD-2025-38060

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Alloggio - Hotel Booking alloggio allows PHP Local File Inclusion. This issue affects Alloggio - Hotel Booking: from n/a through = 1.8...

CVSS 8.1 | AI score 6.6 | EPSS 0.0035 | Exploits 0 | References 2