CVE-2025-30901

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2.

CVSS

No CVSS.

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-local-file-inclusion-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:joomsky:js_help_desk:*:*:*:*:*:wordpress:*:*

History

01 Apr 2026, 17:20

Type	Values Removed	Values Added
Summary	(en) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2.	(en) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2.
References	{'url': 'https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-local-file-inclusion-vulnerability?_s_id=cve', 'tags': ['Third Party Advisory'], 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/Wordpress/Plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-local-file-inclusion-vulnerability?_s_id=cve - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : unknown

23 Jan 2026, 20:25

Type	Values Removed	Values Added
First Time		Joomsky Joomsky js Help Desk
Summary		(es) Control inadecuado del nombre de archivo para la declaración Include/Require en el programa PHP ('Inclusión remota de archivos PHP') en JoomSky JS Help Desk permite la inclusión local de archivos PHP. Este problema afecta a JS Help Desk desde n/d hasta la versión 2.9.2.
References	~~() https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-local-file-inclusion-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-local-file-inclusion-vulnerability?_s_id=cve - Third Party Advisory
CPE		cpe:2.3:a:joomsky:js_help_desk::::::wordpress::*

01 Apr 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 06:15

Updated : 2026-04-01 17:20

NVD link : CVE-2025-30901

Mitre link : CVE-2025-30901

CVE.ORG link : CVE-2025-30901

JSON object : View

Products Affected

joomsky

js_help_desk

CWE

CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

JSON object

Attach tags to CVE-2025-30901

Attach tags to `CVE-2025-30901`