Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2024-44048

Medium

6.5/10

Summary

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate.This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through <= 1.9.10.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References

Advisory Timeline

Published Sep 23, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2024-44048

Summary

CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS