CVE-2025-49278 – Blogty PHP RFI Vulnerability

June 9, 2025

CVE ID : CVE-2025-49278

Published : June 9, 2025, 4:15 p.m. | 25 minutes ago

Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Unfoldwp Blogty allows PHP Local File Inclusion. This issue affects Blogty: from n/a through 1.0.11.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49279 – Unfoldwp Blogvy PHP Remote File Inclusion

Next Article CVE-2025-49277 – Unfoldwp Blogprise PHP Remote File Inclusion Vulnerability

Highlights

CVE-2025-48390 – FreeScout Remote Code Injection Vulnerability

May 29, 2025

CVE ID : CVE-2025-48390

Published : May 29, 2025, 4:15 p.m. | 47 minutes ago

Description : FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. The backticks characters are not removed, as well as tabulation is not removed. When checking user input, the file_exists function is also called to check for the presence of such a file (folder) in the file system. A user with the administrator role can create a translation for the language, which will create a folder in the file system. Further in tools.php, the user can specify the path to this folder as php_path, which will lead to the execution of code in backticks. This issue has been patched in version 1.8.178.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

DistroWatch Weekly, Issue 1130

Distribution Release: GParted Live 1.7.0-8

Distribution Release: CachyOS 250713

Most AI projects are abandoned – 5 ways to ensure your data efforts succeed

The details of TC39’s last meeting

The details of TC39’s last meeting

new Date(“wtf”) – How well do you know JavaScript’s Date class?

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

DistroWatch Weekly, Issue 1130

DistroWatch Weekly, Issue 1130

Distribution Release: GParted Live 1.7.0-8

Distribution Release: CachyOS 250713

CVE-2025-49278 – Blogty PHP RFI Vulnerability

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

JamesDSP is an audio effect processor for Pipewire

CVE-2025-53509 – Advantech iView Argument Injection Vulnerability

Build and Deploy a Polished AI Project and Get Sales

Akamai diventa il fornitore ufficiale dell’infrastruttura del kernel Linux

CVE-2025-48390 – FreeScout Remote Code Injection Vulnerability

CVE-2025-42980 – SAP NetWeaver Enterprise Portal Deserialization Remote Code Execution Vulnerability

Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks

CVE-2025-5063 – Google Chrome Use After Free in Compositing Vulnerability

CVE-2025-49278 – Blogty PHP RFI Vulnerability

Related Posts