CVE-2025-11023
9.8 CRITICALInclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP...
Published: 2025-10-23 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-829, CWE-98
Description
Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion. This issue affects AcBakImzala: before v5.1.4.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53810 — OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading towar... (8.8 HIGH)
- CVE-2026-52858 — Vim is an open source, command line text editor
- CVE-2026-47174 — In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes
- CVE-2026-47172 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
- CVE-2026-46529 — Atril Document Viewer is the default document reader of the MATE desktop environment for Linux