Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Simple Retail Menus PHP Files Can Be Accidentally Run
CVE-2025-69387
Summary
A security issue in Simple Retail Menus allows an attacker to make the system run unauthorized PHP files, potentially allowing them to access sensitive data or take control of the system. This affects versions 4.2.1 and earlier. To stay secure, update to the latest version of Simple Retail Menus as soon as possible.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local Fi...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through <= 4.2.1.
nvd CVSS3.1
7.5
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026