CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a through <= 1.1.1.
Explanation of Vulnerability in Simple Terms
Premium Addons for KingComposer versions 1.1.1 and earlier contain a code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code on affected sites. The vulnerability requires high attack complexity but no user interaction. Successful exploitation grants full control over the site's functionality and data.
What an attacker can do
Run arbitrary PHP code on the site without authentication.
Potential impact on your site
Complete compromise of site functionality, data theft, and malware installation possible.
Conditions required to exploit
Network access to the site; high attack complexity (specific conditions must be met).
Key dates
External resources
Related vulnerabilities
