CVE-2026-48972
7.5 HIGHImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC See...
Published: 2026-05-27 · Last updated: 2026-05-27
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-98
Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-49954 — Discuz (7.2 HIGH)
- CVE-2016-20082 — WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by... (6.2 MEDIUM)
- CVE-2016-20080 — WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenti... (6.2 MEDIUM)
- CVE-2016-20079 — WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to includ... (6.2 MEDIUM)
- CVE-2016-20078 — WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary... (6.2 MEDIUM)