Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
Nika: Malicious Files Can Be Loaded from Local System
CVE-2025-68545
Summary
A security risk exists in versions of Nika up to 1.2.14. Attackers can exploit this by tricking Nika into loading malicious files from the local system, potentially leading to unauthorized actions. Update to a fixed version to mitigate this risk.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: f...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.
nvd CVSS3.1
9.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026