CVE-2025-48293
BaseFortify
Publication date: 2025-08-14
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | geo_mashup | 1.13.16 |
| patchstack | geo_mashup | 1.13.17 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper control of filename for include/require statements in the PHP program Geo Mashup by Dylan Kuhn. It allows PHP Local File Inclusion, meaning an attacker can include and execute files on the server that should not be accessible, potentially leading to unauthorized code execution.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized disclosure of sensitive information, full system compromise, and disruption of service. Because it allows local file inclusion, an attacker can execute arbitrary code, leading to complete control over the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively affect compliance with standards like GDPR and HIPAA because it can lead to unauthorized access and disclosure of sensitive personal or health information, violating data protection and privacy requirements.