A high-severity Remote File Inclusion (RFI) vulnerability has been identified in multiple products, specifically noted in Elated-Themes Savory. This flaw allows an unauthenticated, remote attacker to trick the application into executing malicious code from an external server, potentially leading to a complete system compromise, data theft, and service disruption. Organizations are urged to apply vendor patches immediately to mitigate this critical risk.

The vulnerability is a Remote File Inclusion (RFI) flaw resulting from an improper control of filenames used in PHP include or require statements. An attacker can exploit this by crafting a request that passes a URL to a malicious, externally-hosted file as a parameter to the vulnerable application. The server-side PHP script fails to sanitize this input and proceeds to include and execute the remote file, granting the attacker the ability to run arbitrary code with the permissions of the web server process.

This vulnerability is rated as High severity with a CVSS score of 8.1. Successful exploitation could lead to a complete compromise of the web server's confidentiality, integrity, and availability. Potential consequences include theft of sensitive data (such as customer information, credentials, or intellectual property), installation of malware or ransomware, website defacement, and using the compromised server to launch further attacks against the internal network. The resulting financial and reputational damage to the organization could be significant.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all affected systems. After patching, it is crucial to monitor systems for any signs of post-patch exploitation attempts and to review historical web server access logs for indicators of compromise that may have occurred before the patch was applied.

Proactive Monitoring: Security teams should actively monitor web server logs for suspicious requests, particularly those containing full URLs or IP addresses in request parameters. Network monitoring should be configured to detect and alert on unusual outbound connections from the web server, as this could indicate a successful RFI exploit where the server is communicating with an attacker's command-and-control infrastructure.

Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block RFI attack patterns.
• Modify the server's php.ini configuration file to set allow_url_include to Off. This is a critical defense-in-depth measure that prevents PHP from including remote files, mitigating this specific vulnerability vector.

Public Exploit Available: false

Given the high CVSS score and the critical impact of a successful Remote File Inclusion attack, we strongly recommend that organizations prioritize the immediate patching of this vulnerability. This CVE represents a direct path for an attacker to gain remote code execution on a public-facing server. Although this vulnerability is not currently listed on the CISA KEV list, its severity makes it a prime candidate for future inclusion and a high-priority target for opportunistic attackers. All remediation and monitoring actions should be treated with the highest urgency.