Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Tooth Fairy: Local File Access from Untrusted Input
CVE-2026-22428
Summary
A flaw in Tooth Fairy allows an attacker to access files on the server by entering malicious input. This could potentially allow the attacker to view sensitive information or disrupt the site's operation. Update Tooth Fairy to version 1.17 or later to fix this issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tooth Fairy tooth-fairy allows PHP Local File Inclusion.This is...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tooth Fairy tooth-fairy allows PHP Local File Inclusion.This issue affects Tooth Fairy: from n/a through <= 1.16.
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026