CVE-2025-32614

Name of the Vulnerable Software and Affected Versions: EventON versions prior to 2.3.2 EventON version 2.3.2

Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion.

Recommendations: For versions prior to 2.3.2, update to version 2.3.2 or later. For version 2.3.2, consider disabling the vulnerable Include/Require statement until a patch is available. Restrict access to sensitive files to minimize the risk of exploitation.