CVE-2025-49886

Name of the Vulnerable Software and Affected Versions: Zikzag Core versions 1.4.5 and earlier

Description: The issue is related to an improper control of filename for include/require statement in a PHP program, also known as PHP Remote File Inclusion, which allows PHP Local File Inclusion.

Recommendations: For Zikzag Core versions 1.4.5 and earlier, update to a version that fixes this issue, as the current version allows for PHP Local File Inclusion due to improper control of filename for include/require statements. At the moment, there is no information about a newer version that contains a fix for this vulnerability.