CVE-2024-49649 | Abdul Hakeem Build App Online Plugin up to 1.0.23 on WordPress Include/Require filename control

Posted by Angelo Barbosa | Jan 7, 2025 | CVE

A vulnerability has been found in Abdul Hakeem Build App Online Plugin up to 1.0.23 on WordPress and classified as very critical. Affected by this vulnerability is the function Include/Require. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2024-49649. The attack can be launched remotely. There is no exploit available.

CVE-2024-49649 | Abdul Hakeem Build App Online Plugin up to 1.0.23 on WordPress Include/Require filename control

Related Posts

CVE-2024-8908 | Google Chrome up to 128.0.6613.137 Autofill Remote Code Execution

CVE-2024-5424 | gallerycreator Gallery Blocks with Lightbox. Image Gallery Plugin cross site scripting

CVE-2024-3765 | Xiongmai AHB7804R-MH-V2 up to 5.00.R02.00030751.10010.348717.0000000 Sofia Service access control

CVE-2023-26689 | CS-Cart MultiVendor 4.16.1 POST Request