Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Saveo: Attackers can access local files on your server
CVE-2026-22377
Summary
The Saveo software allows an attacker to access any file on your server by tricking the system into including the wrong file in a PHP program. This can lead to sensitive information being stolen or malicious code being executed. Update to version 1.1.3 or later to fix this issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects ...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through <= 1.1.2.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026