CVE-2026-32537 PHP — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	7.5 (HIGH)
Type	CWE-98
Vendor	PHP
Public PoC	No

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through <= 3.5.1.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-98

References 1

https://patchstack.com/database/Wordpress/Plugin/visual-portfolio/vulnerability…

audit@patchstack.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32531

PHP

8.1

CVE-2026-32505

PHP

None

CVE-2026-32504

PHP

None

CVE-2026-32503

PHP

None

CVE-2026-32500

PHP

None

Menu

CVE-2026-32537

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-32531

CVE-2026-32505

CVE-2026-32504

CVE-2026-32503

CVE-2026-32500

CVE Details

Editor's Choice

Menu

CVE-2026-32537

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-32531

CVE-2026-32505

CVE-2026-32504

CVE-2026-32503

CVE-2026-32500

CVE Details

Editor's Choice

Stay informed on cybersecurity