Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
PHP File Inclusion in thembay Urna Could Leak Sensitive Data
CVE-2025-67982
Summary
A flaw in thembay Urna's PHP code allows hackers to access and view sensitive files on the server. This could lead to unauthorized data disclosure. Users should update to the latest version of thembay Urna (version 2.5.13 or later) to fix this issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: f...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026