CVE-2024-56216
MEDIUM WAF: High
CVSS 6.5
Published: 2024-12-31
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3.
WAF Coverage Analysis
PHP Remote File Inclusion
High WAF Coverage
OWASP: A03:2021 Injection
931xxx - Remote File Inclusion 933xxx - PHP Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| themify | builder | up to 7.6.3 |
References
- patchstack.com (Third Party Advisory)