CVE-2025-27011

Name of the Vulnerable Software and Affected Versions magepeopleteam Booking and Rental Manager versions 2.2.8 and earlier

Description The issue is related to an improper control of filename for include/require statement in PHP programs, also known as PHP Remote File Inclusion, which allows PHP Local File Inclusion.

Recommendations For versions 2.2.8 and earlier, update to a version later than 2.2.8 to resolve the issue. As a temporary workaround, consider restricting access to vulnerable include and require statements in PHP programs until a patch is available.