CVE-2025-47498

Name of the Vulnerable Software and Affected Versions nicdark Hotel Booking versions n/a through 3.6

Description The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a type of security vulnerability that can occur when a PHP application includes or requires files without properly validating the filename, potentially allowing an attacker to include arbitrary files.

Recommendations For versions n/a through 3.6, update to a version that fixes the Improper Control of Filename for Include/Require Statement issue to prevent PHP Local File Inclusion. As a temporary workaround, consider restricting the use of include/require statements in the PHP program to minimize the risk of exploitation.