CVE-2025-32589

Name of the Vulnerable Software and Affected Versions: odude Flexi – Guest Submit versions 4.28 and earlier

Description: The issue is related to an improper control of filename for include/require statement in a PHP program, also known as PHP Remote File Inclusion, which allows PHP Local File Inclusion. This affects the functionality of the software, potentially leading to security issues.

Recommendations: For versions 4.28 and earlier, update to a version that includes a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.