Scdv28014 - Updated

Improper Control of Filename for Include/Require Statement ('PHP Remote File Inclusion'). Affected Software: ThemeREX Translogic. Version Range: All versions from n/a through <= 1.2.11.

A robust WAF can help filter out malicious "include" requests that attempt to exploit LFI vulnerabilities. scdv28014 updated

A stable fix has been released by the developers to close the security loop. scdv28014 updated

Increased monitoring may be required if active exploits are detected in the wild. Recommended Actions for Users scdv28014 updated

As of , official records from CVE.org have categorized this vulnerability under the following updated parameters:

Ensure your software is upgraded beyond version 1.2.11 to the latest stable release.