PT-2026-23218 · Unknown · Fuelthemes
João Pedro S Alcântara
+1
·
Published
2026-03-05
·
Updated
2026-03-07
·
CVE-2026-23801
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
fuelthemes versions prior to 1.6.11
Description
The software contains an Improper Control of Filename for Include/Require Statement issue, also known as PHP Remote File Inclusion. This allows for PHP Local File Inclusion. The vulnerable component is susceptible to exploitation through the inclusion of external files.
Recommendations
Update fuelthemes to a version newer than 1.6.11.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fuelthemes