Vulnerabilities > CVE-2024-49649 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buildapp Build APP Online

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

buildapp

CWE-829

critical

NVD

Published: 2025-01-07

Updated: 2025-02-05

Summary

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23.

Vulnerable Configurations

Part	Description	Count
Application	Buildapp Buildapp Build APP Online 1.0.1 Buildapp Build APP Online 1.0.2 Buildapp Build APP Online 1.0.3 Buildapp Build APP Online 1.0.4 Buildapp Build APP Online 1.0.5 Buildapp Build APP Online 1.0.6 Buildapp Build APP Online 1.0.7 Buildapp Build APP Online 1.0.8 Buildapp Build APP Online 1.0.9 Buildapp Build APP Online 1.0.10 Buildapp Build APP Online 1.0.11 Buildapp Build APP Online 1.0.12 Buildapp Build APP Online 1.0.13 Buildapp Build APP Online 1.0.14 Buildapp Build APP Online 1.0.15 Buildapp Build APP Online 1.0.16 Buildapp Build APP Online 1.0.17 Buildapp Build APP Online 1.0.18 Buildapp Build APP Online 1.0.19 Buildapp Build APP Online 1.0.20 Buildapp Build APP Online 1.0.21 Buildapp Build APP Online 1.0.22 Buildapp Build APP Online 1.0.23	23

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability?_s_id=cve