CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Jenkins 2.441 Local File Inclusion | 15.04.2024 | Matisse Beckandt |
| High | elFinder Web file manager Version 2.1.53 Remote Command Execution | 06.03.2024 | tmrswrr |
| Med. | Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal | 06.03.2024 | Jaggar Henry |
| High | Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI | 06.04.2023 | Kahvi-0 |
| Med. | Purchase Order Management-1.0 Local File Inclusion | 06.04.2023 | nu11secur1ty |
| High | Owlfiles File Manager 12.0.1 Multiple Vulnerabilities | 27.03.2023 | Chokri Hammedi |
| High | ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution | 27.02.2023 | d1g |
| High | Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass | 15.11.2022 | Steffen Robertz |
| Med. | PhotoSync 4.7 Local File Inclusion | 20.09.2022 | Chokri Hammedi |
| High | Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion | 20.09.2022 | Chokri Hammedi |
| Med. | FE File Explorer 11.0.4 Local File Inclusion | 07.09.2022 | Chokri Hammedi |
| Med. | FTPManager 8.2 Local File Inclusion / Directory Traversal | 07.09.2022 | Chokri Hammedi |
| Med. | Wifi HD Wireless Disk Drive 11 Local File Inclusion | 06.09.2022 | Chokri Hammedi |
| Med. | mPDF 7.0 Local File Inclusion | 02.08.2022 | Musyoka Ian |
| High | Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues | 19.05.2022 | Ramuel Gall |
| Med. | Razer Sila 2.0.418 Local File Inclusion | 11.04.2022 | Kevin Randall |
| Med. | Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion | 11.04.2022 | Momen Eldawakhly |
| Med. | School Club Application System 1.0 Local File Inclusion | 08.04.2022 | Hejap Zairy |
| Med. | Bakery Shop Management System 1.0 Local File Inclusion | 06.04.2022 | Hejap Zairy |
| Med. | WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion | 01.04.2022 | Hassan Khan Yusufzai |
| Med. | Medical Hub Directory Site 1.0 Local File Inclusion | 30.03.2022 | Hejap Zairy |
| Med. | Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion | 22.02.2022 | Lassi Korhonen |
| Med. | Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion | 27.01.2022 | Jonah Tan |
| Med. | FAUST iServer 9.0.018.018.4 Local File Inclusion | 26.01.2022 | Mario Keck |
| Med. | Archeevo 5.0 Local File Inclusion | 18.01.2022 | Miguel Santareno |
| Med. | HD-Network Real-Time Monitoring System 2.0 Local File Inclusion | 13.12.2021 | Momen Eldawakhly |
| High | OrbiTeam BSCW Server XSS / LFI / User Enumeration | 04.12.2021 | Armin Stock |
| Med. | CMSimple 5.4 Local File Inclusion / Remote Code Execution | 25.11.2021 | S1lv3r |
| Med. | Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution | 14.11.2021 | Erik Wynter |
| High | Ulfius Web Framework Remote Memory Corruption | 17.09.2021 | Jeremy Brown |
| High | elFinder Archive Command Injection | 17.09.2021 | Shelby Pace |
| Med. | ProcessMaker 3.5.4 Local File inclusion | 27.08.2021 | Ai Ho (@j3ssiejjj) |
| Med. | WordPress Mail Masta 1.0 Local File Inclusion | 25.08.2021 | Matheus Alexandre |
| High | GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution | 17.08.2021 | Ken Pyle |
| Med. | Black Box Kvm Extender 3.4.31307 Local File Inclusion | 07.07.2021 | Ferhat Cil |
| Med. | Postbird 0.8.4 Cross Site Scripting / Local File Inclusion | 27.05.2021 | Debshubra Chakraborty |
| High | Google Chrome SimplfiedLowering Integer Overflow | 12.04.2021 | Rajvardhan Agarwal |
| Med. | rConfig 3.9.6 Local File Inclusion | 16.03.2021 | 5a65726f |
| Med. | Seacms 11.1 file Local File Inclusion | 16.12.2020 | j5s |
| Med. | Task Management System 1.0 Local File Inclusion | 15.12.2020 | Ismail Bozkurt |
| Med. | Citrix ADC NetScaler Local File Inclusion | 14.11.2020 | Donny Maasland |
| Med. | Simple College Website 1.0 - 'page' Local File Inclusion | 31.10.2020 | mosaaed |
| High | Oracle Business Intelligence Enterprise 12.2.1.4.0 LFI | 29.10.2020 | Ivo Palazzolo |
| Med. | Hrsale 2.0.0 Local File Inclusion | 21.10.2020 | Sosecure |
| Med. | CS-Cart 1.3.3 Local File Inclusion | 16.10.2020 | 0xmmnbassel |
| Med. | openSIS 7.4 Local File Inclusion | 01.07.2020 | EgiX |
| Med. | FHEM 6.0 Local File Inclusion | 25.06.2020 | Emre ÖVÜNÇ |
| Med. | Odoo 12.0 Local File Inclusion | 23.06.2020 | Emre OVUNC |
| Med. | BoltWire 6.03 Local File Inclusion | 05.05.2020 | Andrey Stoykov |
| Med. | WordPress Media Library Assistant 2.81 Local File Inclusion | 15.04.2020 | Daniel Monzon |
| High | SmartClient 120 Information Disclosure / XML Injection / LFI / Code Execution | 20.02.2020 | Certimeter Group Red T... |
| Med. | WordPress Ultimate-Member 2.1.3 Local File Inclusion | 14.02.2020 | Mehran Feizi |
| Med. | SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion | 13.02.2020 | EgiX |
| Med. | Lotus Core CMS 1.0.1 Local File Inclusion | 31.01.2020 | Daniel Monzón (stark0... |
| High | Xfilesharing 2.5.1 Local File Inclusion / Shell Upload | 15.11.2019 | Noman Riffat |
| Med. | Gila CMS Local File Inclusion | 24.09.2019 | Sainadh Jamalpur |
| Med. | Alkacon OpenCMS 10.5.x Local File inclusion | 10.09.2019 | Aetsu |
| Med. | Aptana Jaxer 1.0.3.4547 Local File Inclusion | 09.08.2019 | Steph Jensen |
| Med. | FlightPath < 4.8.2 / < 5.0-rc2 Local File Inclusion | 15.07.2019 | Mohammed Althibyani |
| Med. | Karenderia CMS 5.1 Local File Inclusion | 08.07.2019 | Mehmet Emiroglu |
| Med. | IceWarp 10.4.4 Local File Inclusion | 05.06.2019 | Jameel Nabbo |
| Med. | Deltek Maconomy 2.2.5 Local File Inclusion | 29.05.2019 | Jameel Nabbo |
| Med. | WordPress Diarise 1.5.9 Local File Disclosure | 11.05.2019 | Felipe Andrian Peixoto |
| Med. | osTicket 1.11 Cross Site Scripting / Local File Inclusion | 26.04.2019 | Ozkan Mustafa Akkus |
| Med. | phpFileManager 1.7.8 Local File Inclusion | 02.04.2019 | Murat Kalafatoglu |
| Med. | WordPress GraceMedia Media Player 1.0 Local File Inclusion | 14.03.2019 | Manuel Garcia Cardenas |
| High | elFinder 2.1.47 Command Injection | 05.03.2019 | q3rv0 |
| Low | Selfie Studio 2.17 Denial Of Service | 12.01.2019 | Ihsan Sencan |
| Med. | phpMyAdmin 4.8.1 Authenticated Local File Inclusion | 27.11.2018 | Lucian Ioan Nitescu |
| Med. | PHP-Proxy 5.1.0 Local File Inclusion | 16.11.2018 | Ameer Pornillos |
| Med. | PHP Proxy 3.0.3 Local File Inclusion | 06.11.2018 | Ozkan Mustafa Akkus |
| High | Centos Web Panel 0.9.8.480 XSS / LFI / Code Execution | 16.10.2018 | Siber Guvenlik Hizmetl... |
| Med. | WordPress Wechat Broadcast 1.2.0 Local File Inclusion | 20.09.2018 | Manuel Garcia Cardenas |
| Med. | WordPress Localize My Post 1.0 Local File Inclusion | 20.09.2018 | Manuel Garcia Cardenas |
| Med. | LG SuperSign EZ CMS 2.5 Local File Inclusion | 19.09.2018 | Alejandro Fanjul |
| Med. | man-cgi Local File Inclusion | 09.08.2018 | eL_Bart0 |
| Med. | phpMyAdmin 4.8.1 (Authenticated) Local File Inclusion | 22.06.2018 | ChaMd5 |
| Med. | SAP B2B / B2C CRM 2.x < 4.x Local File Inclusion | 19.05.2018 | Richard Alviarez |
| Med. | HRSALE The Ultimate HRM v1.0.2 Local File Inclusion | 26.04.2018 | 8bitsec |
| Med. | Wordpress Plugin Site Editor 1.1.1 Local File Inclusion | 28.03.2018 | Nicolas Buzy-Debat |
| Med. | WordPress Site Editor 1.1.1 Local File Inclusion | 20.03.2018 | Nicolas Buzy-Debat |
| High | WOOF WooCommerce Products Filter 1.1.9 LFI / Code Execution | 15.03.2018 | Ahmad Ramadhan |
| Med. | NetEx HyperIP 6.1.0 Local File Inclusion | 11.02.2018 | Matt Bergin |
| Med. | WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion | 20.12.2017 | defensecode |
| Med. | Sophos UTM 9 Management Appplication Local File Inclusion | 25.10.2017 | Matt Bergin |
| Med. | CometChat < 6.2.0 BETA 1 Local File Inclusion | 24.10.2017 | Luke Paris |
| High | BMC Remedy LFI / RFI / XSS / Code Execution | 23.10.2017 | Simon Rawet |
| Med. | WordPress Ad Widget 2.10.0 Local File Inclusion | 11.10.2017 | defensecode |
| Med. | CMS Made Simple 2.2.1 Local File Inclusion | 04.07.2017 | Zhiyang Zeng |
| Med. | Aerohive AP340 HiveOS Remote Code Execution / Local File Inclusion | 15.06.2017 | Ike-Clinton |
| Med. | XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal | 13.04.2017 | keksec |
| Med. | Kodi 17.1 Local File Inclusion | 16.02.2017 | Eric Flokstra |
| Med. | WordPress WooCommerce Direct Download Local File Inclusion | 18.01.2017 | Diego Celdran Morell |
| Med. | CMS NETGEAR powered by PICTOR Local File Inclusion | 16.12.2016 | Felipe Andrian Peixoto |
| Med. | WordPress WP Vault 0.8.6.6 Local File Inclusion | 02.12.2016 | Lenon Leite |
| Med. | FUDforum 3.0.6 Local File Inclusion | 19.11.2016 | Tim Coen |
| Med. | SweetRice 1.5.1 Local File Inclusion | 03.11.2016 | Ashiyane Digital Secur... |
| Med. | PHP Support Tickets 1.3 Local File Inclusion | 31.10.2016 | N_A |
| Med. | Cisco Firepower Threat Management Console Local File Inclusion | 06.10.2016 | Matt Bergin |
| Med. | Sakai 10.7 Cross Site Scripting / Local File Inclusion | 22.08.2016 | Gjoko 'LiquidWorm' Krs... |


CVEMAP Search Results

CVE
Details
Description
2024-06-12
CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability.

 
2024-06-04
CVE-2024-35629

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion. This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.

 
2024-04-10
CVE-2024-1600

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application.

 
2024-01-15
CVE-2024-0315

Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.

 
2023-12-21
CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool, a Time Series Database (TSDB). By using the detected SQL Injection together with insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is `link.php`. Impact of the vulnerability: execution of arbitrary code on the server.

 
2023-10-31
CVE-2023-5099

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.

 
2023-10-30
CVE-2023-5199

The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily.

 
CVE-2023-5250

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files.

 
2023-08-12
CVE-2023-3452

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.

 
2023-08-06
CVE-2023-4195

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

 

 


Copyright 2024, cxsecurity.com
