CVE-2024-49690

CWE-983 documents3 sources
Severity
8.8HIGH
EPSS
2.6%
top 14.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qodeinteractive QI BlocksQode QI Blocks
Timeline
PublishedOct 23

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5qode/qi_blocks1.3.2

🔴Vulnerability Details

2
CVEList
WordPress Qi Blocks plugin <= 1.3.2 - Local File Inclusion vulnerability2024-10-23
GHSA
GHSA-jfpv-3cc9-x9c2: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qi Blocks2024-10-23
CVE-2024-49690 (HIGH CVSS 8.8) | Improper Control of Filename for In | cvebase.io