CVE-2025-68544

Name of the Vulnerable Software and Affected Versions Thembay Diza versions through 1.3.15

Description An improper control of filename for include/require statement exists in Thembay Diza, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local files, potentially leading to code execution or information disclosure. The vulnerability stems from insufficient validation of file paths used in include or require statements within the application.

Recommendations Update Thembay Diza to a version later than 1.3.15.