A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menu_report.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source code or system files.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://docuform.de |
|
| https://gist.github.com/ZeroBreach-GmbH |
|
History
Sat, 11 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-639 | |
| Metrics |
cvssV3_1
|
Sat, 11 Jul 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Local File Inclusion in docuForm GmbH Client Enables Remote Code Execution | |
| Weaknesses | CWE-20 CWE-74 |
Fri, 10 Jul 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Docuform
Docuform client |
|
| Vendors & Products |
Docuform
Docuform client |
Thu, 09 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menu_report.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source code or system files. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published: 2026-07-09T00:00:00.000Z
Updated: 2026-07-10T15:33:55.421Z
Reserved: 2026-06-08T00:00:00.000Z
Link: CVE-2026-51925
Updated: 2026-07-10T15:33:50.454Z
No data.
No data.