PT-2025-16928 · Unknown · Wisdom Master Pro

Kuang Ming Chang · Published 2025-04-17 · Updated 2025-04-18 · CVE-2025-31340

CVSS v4.0

9.9 Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

Name of the Vulnerable Software and Affected Versions

Wisdom Master Pro versions 5.0 through 5.2

Description

A vulnerability in the retrieve course Information function of Wisdom Master Pro allows remote attackers to execute arbitrary system commands by running a malicious file, due to improper control of the filename used in an include/require statement in the PHP program. This issue enables remote code execution without authentication.

Recommendations

For Wisdom Master Pro versions 5.0 through 5.2, consider disabling the retrieve course Information function until a patch is available to prevent exploitation. Restrict access to the vulnerable PHP program to minimize the risk of arbitrary system command execution. Avoid using the vulnerable include/require statement in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-31340

Affected Products

Wisdom Master Pro