cleantalk
Vulnerabilities and Security Researches

AnyComment, CVE-2025-60240

CVE, Research URL

CVE-2025-60240

Home page URL

Security reports for AnyComment

Application

AnyComment

Published on
Nov 06, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through <= 0.3.6.
Affected versions
max 0.3.6.
Status
vulnerable
Previous vulnerability researches
SNORDIAN&#039;s H5PxAPIkatchu (CVE-2025-30821) , Apr 02, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025
Interactive Content – H5P , Jun 06, 2024
Interactive Content – H5P (CVE-2024-3111) , Jun 28, 2024
New vulnerability
Event post (CVE-2025-62042) , Nov 10, 2025
Rock Convert (CVE-2025-62911) , Nov 10, 2025
Wp tabber widget (CVE-2025-10730) , Nov 10, 2025
Flex QR Code Generator (CVE-2025-10041) , Nov 10, 2025
DominoKit (CVE-2025-12350) , Nov 10, 2025