CVE-2026-32504

Name of the Vulnerable Software and Affected Versions CreativeWS VintWood versions n/a through 1.1.8

Description The software contains a flaw due to improper control of filename handling for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The affected component is the PHP Include/Require functionality. The vulnerable parameter is the filename used in the Include/Require statement.

Recommendations Versions prior to 1.1.8 should be updated.