CVE-2025-22145 – Carbon PHP DateTime Remote File Include Vulnerability

1月 8, 2025
10:17 pm

CVE ID : CVE-2025-22145

Published : Jan. 8, 2025, 9:15 p.m. | 1 hour, 1 minute ago

Description : Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-22145 – Carbon PHP DateTime Remote File Include Vulnerability

Elvescore.io

Recent Posts

CVE-2024-56376 – REDCap Cross-Site Scripting (XSS)

CVE-2024-56377 – REDCap Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-21380 – Azure SaaS Resource Authentication Bypass

CVE-2023-28354 – Opsview Monitor Agent Command Injection

CVE-2024-46464 – PRIMX ZED Enterprise Local File Manipulation Privilege Escalation

CVE-2024-51229 – LinZhaoguan pb-cms Cross Site Scripting (XSS)

CVE-2025-22145 – Carbon PHP DateTime Remote File Include Vulnerability

CVE-2025-22145 – Carbon PHP DateTime Remote File Include Vulnerability