CVE-2025-68544
Local File Inclusion Vulnerability in Thembay Diza PHP
Publication date: 2025-12-23
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thembay | diza | 1.3.15 |
| thembay | diza | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper control of filename for include/require statements in the PHP program Thembay Diza, leading to a PHP Local File Inclusion issue. It allows an attacker to include files on the server through the PHP include or require functions, potentially leading to unauthorized access or code execution.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary code, access sensitive files, or disrupt the availability of the application. It can lead to a full compromise of the affected system, including confidentiality, integrity, and availability breaches.