CVE-2025-31340

Summary

A improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file.

Affected Software

VendorProductVersion RangeStatus
SUNNET Technology Co., Ltd.Wisdom Master Pro5.0 <= 5.2affected

Weaknesses

  • CWE-98: CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References