CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

June 17, 2025

CVE ID : CVE-2025-49508

Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in LoftOcean CozyStay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through n/a.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49444 – Merkulove Reformer for Elementor Unrestricted File Upload Vulnerability

Next Article CVE-2025-49330 – Bigin Zoho CRM Contact Form 7 Object Injection Vulnerability

Highlights

CVE-2025-6339 – Ponaravindb Hospital Management System SQL Injection

June 20, 2025

CVE ID : CVE-2025-6339

Published : June 20, 2025, 12:15 p.m. | 2 hours, 28 minutes ago

Description : A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

Looking for an Ubuntu Manual? Try This Book

CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

Why the tech industry needs to stand firm on preserving end-to-end encryption

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

I switched to a high-end dumbphone for a week, and it put E Ink (and my iPhone) to shame

Cosmicding is a client to manage your linkding bookmarks

Microsoft shadow launched this mouse that pairs with the new Surface Pro and Surface Laptop perfectly

UDP Vulnerability in Windows Deployment Services Allows 0-Click System Crashes

CVE-2025-6339 – Ponaravindb Hospital Management System SQL Injection

Hackers Exploit Craft CMS Flaws: A Deep Dive into CVE-2025–32432

Making V8 eager to compile your JavaScript

CVE-2025-34061 – PHPStudy Unauthenticated Remote Code Execution Backdoor

CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

Related Posts