
8850 matches found

OSV
added 2025/02/06 9:16 a.m. · 5 views

CLSA-2025-1738833413 rsync: Fix of 2 CVEs

CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter...

7.5 CVSS · 7.1 AI score · 0.04575 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 9:59 p.m. · 6 views

CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

10 CVSS · 7.3 AI score · 0.02719 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 12:8 p.m. · 17 views

CVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.3.11...

9.9 CVSS · 7.2 AI score · 0.00726 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 10:23 p.m. · 3 views

CVE-2024-53739

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: fr...

9.8 CVSS · 7.2 AI score · 0.00642 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2025/02/03 12:0 a.m. · 5 views

The vulnerability of the Post Grid, Slider & Carousel Ultimate plugin of the WordPress content management system arises from improper handling of file names for PHP functions like include or require. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Post Grid, Slider & Carousel plugin in the WordPress content management system is related to improper handling of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...

6.8 CVSS · 7.7 AI score · 0.00451 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2025/01/27 3:15 p.m. · 2 views

CVE-2025-24782

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10...

8.8 CVSS · 5.8 AI score · 0.00451 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/22 12:0 a.m. · 7 views

PT-2025-5226 · Unknown · Mihajlovic Nenad Improved Sale Badges

Name of the Vulnerable Software and Affected Versions: Mihajlovic Nenad Improved Sale Badges – Free Version versions 1.0.1 and earlier

Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as PHP Remote File Inclusion, which...

8.1 CVSS · 9.6 AI score · 0.00853 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/01/22 12:0 a.m. · 4 views

PT-2025-5225 · Unknown · Webarea Background Animation Blocks

Name of the Vulnerable Software and Affected Versions: WebArea Background animation blocks versions 2.1.5 and earlier

Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local...

8.1 CVSS · 9.5 AI score · 0.00879 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/01/09 12:0 a.m. · 3 views

PT-2025-4502 · Unknown · Roninwp Fat Event Lite

Name of the Vulnerable Software and Affected Versions: Roninwp FAT Event Lite versions 1.1 and earlier

Description: The issue is related to an improper control of filename for include/require statement in a PHP program, also known as 'PHP Remote File Inclusion'. This allows PHP Local File...

8.1 CVSS · 7 AI score · 0.00678 EPSS
Exploits 0 · References 3

NVD
added 2025/01/08 9:15 p.m. · 6 views

CVE-2025-22145

Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include; if the application allows users to upload files with .php extension in a folder that allows include or require to read it, then they are a...

6.3 CVSS · 0.00696 EPSS
Exploits 0 · References 3

Github Security Blog
added 2025/01/08 9:3 p.m. · 11 views

Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Impact: Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include; if the application allows users to upload files with .php extension in a folder that allows include or require to read it, then they are at risk of arbitrary code run on their servers...

6.3 CVSS · 7.1 AI score · 0.00696 EPSS
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2025/01/08 8:40 p.m. · 6 views

CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include; if the application allows users to upload files with .php extension in a folder that allows include or require to read it, then they are a...

6.3 CVSS · 6.8 AI score · 0.00696 EPSS
Exploits 0 · References 2

CVE
added 2025/01/08 8:40 p.m. · 3425 views

CVE-2025-22145

Carbon (PHP DateTime extension) has a vulnerability where unsanitized input passed to Carbon::setLocale could lead to arbitrary file include if a PHP file is uploaded in a folder that is includable. This affects users of the Carbon extension and is mitigated by fixes in Carbon release 3.8.4 and 2...

6.3 CVSS · 7 AI score · 0.00696 EPSS
Exploits 0 · References 3

OSV
added 2025/01/07 4:15 p.m. · 4 views

CVE-2024-53800

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Rezgo Rezgo allows PHP Local File Inclusion. This issue affects Rezgo: from n/a through 4.15...

8.1 CVSS · 7.3 AI score · 0.00654 EPSS
Exploits 0 · References 1

OSV
added 2025/01/07 11:15 a.m. · 5 views

CVE-2024-49649

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23...

9.8 CVSS · 7.3 AI score · 0.00564 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/07 12:0 a.m. · 3 views

PT-2025-4476 · Service Shogun · Ach Invoice App

Name of the Vulnerable Software and Affected Versions: Ach Invoice App versions 1.0.1 and earlier

Description: The issue is related to improper control of filenames for Include/Require statements in PHP, allowing PHP Local File Inclusion. This problem affects the Service Shogun Ach Invoice App,...

7.5 CVSS · 9.3 AI score · 0.00584 EPSS
Exploits 0 · References 5

CNNVD
added 2025/01/07 12:0 a.m. · 3 views

WordPress plugin Ach Invoice App security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 8.3 AI score · 0.00584 EPSS
Exploits 0 · References 2

CNNVD
added 2025/01/07 12:0 a.m. · 4 views

WordPress plugin WPMozo Addons Lite for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

7.5 CVSS · 8.5 AI score · 0.00647 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/12/31 12:0 a.m. · 3 views

PT-2024-36766 · Woocommerce · Dynamic Product Category Grid

Name of the Vulnerable Software and Affected Versions: Dynamic Product Category Grid, Slider for WooCommerce versions 1.1.3 and earlier

Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, allowing PHP Local File Inclusion. This problem c...

7.5 CVSS · 9.6 AI score · 0.00525 EPSS
Exploits 0 · References 7

BDU FSTEC
added 2024/12/09 12:0 a.m. · 3 views

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, MATRIX Series, arises from improper handling of file names for PHP functions like include or require. This allows attackers to gain access to confidential information.

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to incorrect management of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker to gain acce...

8.5 CVSS · 5.5 AI score · 0.00324 EPSS
Exploits 0 · References 2 · Affected Software 4