CVE-2025-30835

HIGH Year: 2025
CVSS v3 Score
7.5
High
Weakness Type
CWE-98
View all →

Vulnerability Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion. This issue affects Accounting for WooCommerce: from n/a through 1.6.8.

Related Vulnerabilities

CVE-2016-6565

HIGH
CVSS:7.5(High)

The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to...

CWE-982016

CVE-2019-5479

HIGH
CVSS:7.5(High)

An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file).

CWE-982019

CVE-2020-13175

HIGH
CVSS:7.5(High)

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local fil...

CWE-982020

CVE-2022-41547

HIGH
CVSS:7.5(High)

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to re...

CWE-982022

CVE-2022-44786

HIGH
CVSS:7.5(High)

An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This aff...

CWE-982022

CVE-2023-31716

HIGH
CVSS:7.5(High)

FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log

CWE-982023