PHP Local File Inclusion Vulnerability in Deetronix Affiliate Coupons
CVE-2025-26957
7.5 HIGH
Key Information:
- Vendor: Deetronix
- Status
- Affiliate Coupons
- Vendor
- CVE Published: 25 February 2025
Summary
The Deetronix Affiliate Coupons plugin does not properly control the filename used in PHP include/require statements, which can lead to execution of malicious files on the server. Attackers can exploit this as a local file inclusion, potentially compromising the security and integrity of the host application. The issue is present in all versions up to and including 1.7.3, so users should apply patches or updates to mitigate the risk.
Affected Version(s)
Affiliate Coupons <= 1.7.3
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Peter Thaleikis (Patchstack Alliance)