A high-severity vulnerability has been identified in multiple AncoraThemes Integro products, carrying a CVSS score of 8.2. This flaw, a Local File Inclusion (LFI), allows an unauthenticated attacker to read sensitive files from the server's filesystem. Successful exploitation could lead to the exposure of confidential data, such as database credentials and system configuration files, potentially enabling a full system compromise.

The vulnerability is an Improper Control of a Filename for an Include/Require Statement, commonly known as Local File Inclusion (LFI). The application fails to properly sanitize user-supplied input that is used to construct a file path for an include or require PHP function. An attacker can exploit this by manipulating the input with directory traversal sequences (e.g., ../../..) to force the application to include and display the contents of arbitrary files on the local server, such as /etc/passwd or application configuration files containing database credentials.

This vulnerability is rated as High severity with a CVSS score of 8.2. Exploitation could have a significant negative impact on the business. The primary risk is a data breach, where an attacker could exfiltrate sensitive information including customer data, intellectual property, and system credentials. This can lead to severe reputational damage, loss of customer trust, and potential regulatory fines. If an attacker can leverage the LFI to read sensitive credentials or chain it with another vulnerability, it could be escalated to full remote code execution (RCE), resulting in a complete compromise of the affected server and a pivot point into the wider corporate network.

Immediate Action: Apply the security updates provided by AncoraThemes to all affected products immediately, prioritizing internet-facing systems. After patching, monitor web server and application logs for any signs of attempted or successful exploitation that may have occurred before the patch was applied.

Proactive Monitoring: Security teams should actively monitor for indicators of compromise. Review web server access logs for requests containing directory traversal patterns (../, %2e%2e%2f, etc.) or requests attempting to access common sensitive files (e.g., wp-config.php, /etc/passwd, .env). Implement file integrity monitoring (FIM) to detect unauthorized changes to core application files and monitor for unusual outbound network traffic from the web server.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block LFI and directory traversal attack patterns.
• Harden server file permissions to ensure the web server user account has read access only to the directories it absolutely requires.
• Disable potentially dangerous PHP functions and ensure allow_url_include is disabled in the php.ini configuration to prevent escalation to Remote File Inclusion.

Public Exploit Available: false

Given the high CVSS score of 8.2 and the potential for sensitive data exposure and server compromise, this vulnerability poses a significant risk. We strongly recommend that organizations identify all affected AncoraThemes products and apply the vendor-supplied patches as a top priority. Although this CVE is not currently listed on the CISA KEV list, its severity warrants immediate attention. If patching is delayed, implement the recommended compensating controls, such as a WAF, and increase monitoring for any related malicious activity.