diff --git a/htdocs/application/controllers/theme_assets.php b/htdocs/application/controllers/theme_assets.php
index b1a6b47..b138092 100644
--- a/htdocs/application/controllers/theme_assets.php
+++ b/htdocs/application/controllers/theme_assets.php
@@ -23,7 +23,7 @@ class Theme_assets extends CI_Controller
 function css()
 {
 $css_file = $this->uri->segment(4);
-
+ $css_file = basename( $css_file ); // Fix LFI Vulnerability
 //file path
 $file_path = 'themes/' . $this->theme . '/css/' . $css_file;
@@ -33,6 +33,11 @@ class Theme_assets extends CI_Controller
 {
 $file_path = 'themes/default/css/' . $css_file;
 }
+
+ // Double checking file
+ if( !file_exists( $file_path ) ) {
+ return false;
+ }
 //send
 header('Content-type: text/css');
@@ -43,7 +48,7 @@ class Theme_assets extends CI_Controller
 function images()
 {
 $image_file = $this->uri->segment(4);
-
+ $image_file = basename( $image_file );
 //file path
 $file_path = 'themes/' . $this->theme . '/images/' . $image_file;
@@ -53,7 +58,11 @@ class Theme_assets extends CI_Controller
 {
 $file_path = 'themes/default/images/' . $image_file;
 }
-
+
+ // double checking file
+ if( !file_exists( $file_path ) ) {
+ return false;
+ }
 //send
 $size = getimagesize($file_path);
 header('Content-type: ' . $size['mime']);
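Review bot: basename() on the css segment stops directory traversal, but it still lets a request name any file that happens to sit in the css/ directory, not only stylesheets, so a leftover `style.css.bak`, `.htaccess` or an editor swap file under `themes/<theme>/css/` would be served as `text/css`. An extension allowlist right after the basename() line closes that: `if (pathinfo($css_file, PATHINFO_EXTENSION) !== 'css') { return false; }`. The `// Fix LFI Vulnerability` comment records history rather than the invariant; `// basename() drops any directory part, so the URI segment cannot leave css/` tells the next reader what must be preserved. `$this->theme` is the other path component this commit does not touch and its origin is not visible here, so it is worth confirming it cannot carry `/` or `..`. The body of css() continues past the end of the hunk.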
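Review bot: file_exists() on the new check line returns true for directories as well as files, and since basename() does not resolve dot segments (basename('..') is '..', and a missing or empty segment becomes ''), a request whose fourth segment is `..` or is absent yields `themes/<theme>/css/..` or `themes/<theme>/css/`, both of which pass the check and reach the header() call with a directory path; `if( !is_file( $file_path ) ) {` is the test that matches the comment's intent. Returning false from a controller action also leaves the client with an empty 200 response rather than a not-found; in CodeIgniter `show_404();` would be the conventional exit here, if that helper is available in this controller (cannot be confirmed from the hunk). The fallback condition that precedes the `themes/default/css/` assignment, and whatever emits the file after the header, lie outside the hunk.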
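Review bot: images() now repeats, line for line, the sanitise-then-fallback-then-check sequence that css() carries, and the one comment explaining the basename() call was added only in css(), so the two copies are already drifting. A private helper that resolves a theme asset would keep them in step and give one place to tighten the check; each action would then read `$file_path = $this->_asset_path('images', $this->uri->segment(4));` followed by a null test, with the fallback condition between the hunks (not visible here, presumably a file_exists() test) folded into the helper. The sketch below assumes that fallback and uses is_file() so directories and dot segments are rejected.
```php
    /**
     * Resolve a theme asset to a path under themes/<theme>/<subdir>/,
     * falling back to the default theme. Returns null when the request
     * does not name a regular file there.
     */
    private function _asset_path($subdir, $file)
    {
        // basename() discards any directory part, so a URI segment
        // cannot leave the asset directory.
        $file = basename((string) $file);
        if ($file === '' || $file === '.' || $file === '..') {
            return null;
        }
        $path = 'themes/' . $this->theme . '/' . $subdir . '/' . $file;
        if (!file_exists($path)) {
            $path = 'themes/default/' . $subdir . '/' . $file;
        }
        return is_file($path) ? $path : null;
    }
```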
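Review bot: getimagesize() on the line after the new check returns false when the file is not an image it recognises (file_exists() also admits a directory, and basename('..') is '..', so `themes/<theme>/images/..` gets this far), and `$size['mime']` on false is null, so the response goes out with an empty `Content-type:` header followed by the bytes of whatever matched the name. Guard the result: `$size = getimagesize($file_path); if ($size === false) { return false; }`, and use `is_file()` in the check above it. Because the mime comes from the file's magic bytes rather than its extension, that guard also stops a non-image file from being served under an image name. The rest of images() lies past the end of the hunk.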