CVE-2025-24685

Name of the Vulnerable Software and Affected Versions Morkva UA Shipping versions 1.0.0 through 1.0.18

Description The issue is a Path Traversal vulnerability that allows PHP Local File Inclusion. This means an attacker could potentially access and include local files on the server, which could lead to sensitive information disclosure or code execution.

Recommendations For versions 1.0.0 through 1.0.18, update to a version later than 1.0.18 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Avoid using vulnerable functions or parameters that could be used for PHP Local File Inclusion until the issue is resolved. At the moment, there is no information about additional mitigation measures.