What the vulnerability does
01Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Algenix algenix allows PHP Local File Inclusion.This issue affects Algenix: from n/a through <= 1.0.
Explanation of Vulnerability in Simple Terms
02Summary
Algenix versions 1.0 and earlier contain a remote code execution vulnerability accessible over the network without authentication. An attacker can execute arbitrary code on the server by exploiting improper input handling. This affects confidentiality, integrity, and availability of the site. Update to a version newer than 1.0 immediately.
What an attacker can do
03Attacker Capabilities
Run their own code on the server without logging in.
Potential impact on your site
04Site Impact
Complete compromise of the site: data theft, malware injection, and service disruption.
Conditions required to exploit
05Prerequisites
Network access to the Algenix application; no authentication required.
Key dates
06Disclosure timeline
December 18, 2025
CVE published
April 28, 2026
Record updated