PT-2025-16085

Name of the Vulnerable Software and Affected Versions: EventON versions prior to 2.3.2 EventON version 2.3.2 Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

PT-2025-8914

Name of the Vulnerable Software and Affected Versions io.pebbletemplates:pebble versions affected versions not specified Description The issue allows an attacker to control file names or paths via the include tag, potentially accessing sensitive local files like /etc/passwd or /proc/1/environ by...

External Control of File Name or Path

Overview io.pebbletemplates:pebble is a java templating engine inspired by Twig. Affected versions of this package are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates...