A high-severity vulnerability has been identified in multiple Mojoomla WPCHURCH products, tracked as CVE-2025-32304. This flaw, a Local File Inclusion, allows an unauthenticated attacker to trick the application into reading and displaying the contents of sensitive files on the server. Successful exploitation could lead to the exposure of confidential data, system credentials, and application source code, posing a significant risk to data integrity and system security.

The vulnerability is a Local File Inclusion (LFI) caused by an Improper Control of a Filename used in a PHP include() or require() statement. An attacker can exploit this by manipulating an input parameter, such as a URL query string, to include path traversal sequences (e.g., ../../..). This forces the application to navigate the server's file system and include a file of the attacker's choosing, which is then processed or rendered to the attacker. For example, an attacker could request a file like /etc/passwd to enumerate system users or access configuration files containing database credentials, leading to a significant information disclosure.

This vulnerability is rated as High severity with a CVSS score of 8.1. The primary business impact is the potential for a severe data breach through the unauthorized disclosure of sensitive information. Consequences of exploitation include the theft of customer data, intellectual property, or internal credentials, which could facilitate further attacks. Such an incident could result in significant reputational damage, loss of customer trust, regulatory fines for non-compliance with data protection standards, and substantial financial costs associated with incident response and recovery.

Immediate Action: Apply the security updates released by Mojoomla WPCHURCH across all affected products without delay. Concurrently, security teams must actively monitor for signs of attempted exploitation and conduct a thorough review of web server access and error logs for any suspicious requests matching the attack pattern.

Proactive Monitoring: Security teams should monitor web server access logs for requests containing path traversal sequences (e.g., ../, %2e%2e%2f, ..%2f) in URL parameters. Implement alerts for attempts to access common sensitive files such as /etc/passwd, /proc/self/environ, or application configuration files (e.g., wp-config.php, .env). Monitor for unexpected PHP errors in logs, which could indicate failed file inclusion attempts.

Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with a robust ruleset to detect and block path traversal attacks. Additionally, harden the server environment by enforcing strict file system permissions to limit the files accessible by the web server user. Further restrict PHP's capabilities by configuring open_basedir to limit the file paths that PHP can access.

Public Exploit Available: false

Given the high severity (CVSS 8.1) of this vulnerability and its potential for critical information disclosure, immediate patching is the most effective course of action. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential impact warrants urgent attention. Organizations using affected Mojoomla WPCHURCH products should prioritize the deployment of vendor-supplied patches and implement the recommended monitoring and compensating controls to mitigate the significant risk of a data breach.