cbcvebase.
CVE-2025-31082
published 2025-04-01

CVE-2025-31082: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InfornWeb News & Blog Designer Pack…

PriorityP274high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.74%
50.0th percentile
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion.This issue affects News & Blog Designer Pack: from n/a through <= 4.0.

Affected

5 ranges
VendorProductVersion rangeFixed in
infornwebnews_blog_designer_pack<= 4.0
msrccbl2_xorg-x11-server_1.20.10-11_on_cbl_mariner_2.0
msrccbl2_xorg-x11-server_1.20.10-15_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.3HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.