CVE-2025-31014

Name of the Vulnerable Software and Affected Versions: ho3einie Material Dashboard versions 1.4.5 and earlier

Description: The issue is related to an improper control of filename for include/require statement in PHP, also known as PHP Remote File Inclusion, which allows PHP Local File Inclusion. This means that an attacker could potentially include and execute local files on the server, leading to unauthorized access or code execution.

Recommendations: For versions 1.4.5 and earlier, consider disabling the include/require functionality until a patch is available, or restrict access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, avoid using user-supplied input for filename variables in include/require statements.