Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
ThemeREX Global Logistics allows hackers to access local files
CVE-2026-28018
Summary
A weakness in ThemeREX Global Logistics allows attackers to access local files on the server, potentially exposing sensitive data. This issue affects versions 1.0 through 3.20 of the software. To stay secure, update to the latest version or apply a patch.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Global Logistics globallogistics allows PHP Local File Inclusion.Th...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Global Logistics globallogistics allows PHP Local File Inclusion.This issue affects Global Logistics: from n/a through <= 3.20.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026