What the vulnerability does
Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok. This issue affects ITok: from n/a through <= 1.1.42.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
ITok versions up to 1.1.42 contain a PHP file inclusion flaw that allows an attacker to read sensitive data, modify site content, or disrupt service availability. Exploitation requires network access and complex attack conditions, but no authentication. All three impact categories (confidentiality, integrity, and availability) are affected.
What an attacker can do
Read sensitive data, modify content, or disrupt the site without logging in.
Potential impact on your site
Attackers can steal data, alter pages, or take the site offline without needing a user account.
Conditions required to exploit
Network access and specific technical conditions; no user interaction or authentication required.