PT-2025-36250 · Unknown · Inpost Gallery

Lvt-Tholv2K

Published

2025-09-05

Updated

2025-09-05

CVE-2025-57889

Report an issue

CVSS v3.1

7.5

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

InPost Gallery versions through 2.1.4.5

Description:

The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion.

Recommendations:

Update InPost Gallery to a version later than 2.1.4.5.

Fix

Weakness Enumeration

CWE-98

Related Identifiers

CVE-2025-57889

Affected Products

Inpost Gallery

PT-2025-36250 · Unknown · Inpost Gallery

Weakness Enumeration

Related Identifiers

Affected Products

References · 3