CVE-2026-25382

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions jwsthemes IdealAuto versions prior to 3.8.6

Description A flaw exists in the handling of filenames used in include/require statements within the PHP program, specifically in jwsthemes IdealAuto. This allows for PHP Local File Inclusion. The issue affects the IdealAuto software.

Recommendations Update jwsthemes IdealAuto to version 3.8.6 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-98

Related Identifiers

CVE-2026-25382

Affected Products

Idealauto

CVE-2026-25382

Weakness Enumeration

Related Identifiers

Affected Products

References · 3