CVE-2025-49261

Name of the Vulnerable Software and Affected Versions thembay Diza versions 1.3.8 and earlier

Description The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a type of security vulnerability that can occur when a PHP application includes or requires files without properly validating the filename, potentially allowing an attacker to include arbitrary files.

Recommendations For thembay Diza versions 1.3.8 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.