This vulnerability in ZIJ KART arises from insufficient validation or control over filenames passed to PHP include or require statements, enabling local file inclusion. The flaw exists in versions up to 1.1 and can be exploited remotely over the network without privileges or user interaction, but requires high attack complexity. The CVSS score is 8.1, reflecting high impact on confidentiality, integrity, and availability. No vendor patch or advisory is currently available, and no known exploits have been reported.

Successful exploitation can lead to local file inclusion, allowing attackers to read sensitive files on the server, potentially disclose credentials or configuration data, and possibly execute arbitrary code depending on the environment. The vulnerability impacts confidentiality, integrity, and availability of the affected system. However, no active exploitation has been reported so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider restricting access to vulnerable endpoints, applying web application firewalls with rules to detect file inclusion attempts, and reviewing server configurations to limit file inclusion risks. Monitor official sources for updates from the vendor.