VDB

CVE-2023-26005

CVE-2023-26005 PUBLISHED CVSS 8.100000381469727 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: from n/a through 1.3.4.

EPSS 0.55% · 68.3th percentile

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.55%
68.3th percentile

Affected Products

VendorProductVersions
BZOThemeFitrush*

Timeline

  • Jun 9, 2025 CVE Published
  • Jun 10, 2025 EPSS Score
  • Jun 21, 2025 EPSS Score
  • Jul 1, 2025 EPSS Score
  • Jul 12, 2025 EPSS Score
  • Jul 22, 2025 EPSS Score
  • Aug 2, 2025 EPSS Score
  • Aug 12, 2025 EPSS Score
  • Aug 23, 2025 EPSS Score
  • Sep 2, 2025 EPSS Score
  • Sep 13, 2025 EPSS Score
  • Sep 23, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›