CVE-2023-4195: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

August 6, 2023 (updated August 10, 2023)

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

References

github.com/advisories/GHSA-xcq3-7pf3-5jvc
github.com/cockpit-hq/cockpit/commit/800c05f1984db291769ffa5fdfb1d3e50968e95b
huntr.dev/bounties/0bd5da2f-0e29-47ce-90f3-06518656bfd6
nvd.nist.gov/vuln/detail/CVE-2023-4195

Detect and mitigate CVE-2023-4195 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →