AnyComment, CVE-2025-60240

CVE, Research URL: CVE-2025-60240
Home page URL: Security reports for AnyComment
Application: AnyComment
Published on: Nov 06, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through <= 0.3.6.
Affected versions: max 0.3.6.
Status: vulnerable