PT-2026-43206 · Unknown · Magentech Sw Core

João Pedro S Alcântara

+1

·

Published

2026-05-26

·

Updated

2026-06-09

·

CVE-2026-39661

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Magentech SW Core versions prior to 1.7.18
Description Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) allows for PHP Local File Inclusion. This occurs when the application fails to properly validate the filename used in include or require statements, potentially allowing an attacker to include files from the local system.
Recommendations Update to version 1.7.18 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-39661

Affected Products

Magentech Sw Core