PT-2025-6956 · Unknown · Oscar Alvarez Cookie Monster

Lvt-Tholv2K

Published: 2025-02-18 · Updated: 2025-02-18 · CVE-2025-22656

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Oscar Alvarez Cookie Monster versions 1.2.2 and earlier
Description: The issue is improper control of the filename used in a PHP include/require statement, a weakness class also known as 'PHP Remote File Inclusion'. Here it allows PHP Local File Inclusion.
Recommendations: For versions 1.2.2 and earlier, consider disabling the include/require statement functionality until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using user-supplied input for filenames in include/require statements.

Related Identifiers

CVE-2025-22656

Affected Products

Oscar Alvarez Cookie Monster