CWE:
 

Topic
Date
Author
High
Perten Instruments Process Plus Software 1.11.6507.0 LFI / Hardcoded Credentials
24.07.2024
T. Weber
Med.
Jenkins 2.441 Local File Inclusion
15.04.2024
Matisse Beckandt
High
elFinder Web file manager Version 2.1.53 Remote Command Execution
06.03.2024
tmrswrr
Med.
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal
06.03.2024
Jaggar Henry
High
Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI
06.04.2023
Kahvi-0
Med.
Purchase Order Management-1.0 Local File Inclusion
06.04.2023
nu11secur1ty
High
Owlfiles File Manager 12.0.1 Multiple Vulnerabilities
27.03.2023
Chokri Hammedi
High
ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution
27.02.2023
d1g
High
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
15.11.2022
Steffen Robertz
Med.
PhotoSync 4.7 Local File Inclusion
20.09.2022
Chokri Hammedi
High
Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion
20.09.2022
Chokri Hammedi
Med.
FE File Explorer 11.0.4 Local File Inclusion
07.09.2022
Chokri Hammedi
Med.
FTPManager 8.2 Local File Inclusion / Directory Traversal
07.09.2022
Chokri Hammedi
Med.
Wifi HD Wireless Disk Drive 11 Local File Inclusion
06.09.2022
Chokri Hammedi
Med.
mPDF 7.0 Local File Inclusion
02.08.2022
Musyoka Ian
High
Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues
19.05.2022
Ramuel Gall
Med.
Razer Sila 2.0.418 Local File Inclusion
11.04.2022
Kevin Randall
Med.
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion
11.04.2022
Momen Eldawakhly
Med.
School Club Application System 1.0 Local File Inclusion
08.04.2022
Hejap Zairy
Med.
Bakery Shop Management System 1.0 Local File Inclusion
06.04.2022
Hejap Zairy
Med.
WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion
01.04.2022
Hassan Khan Yusufzai
Med.
Medical Hub Directory Site 1.0 Local File Inclusion
30.03.2022
Hejap Zairy
Med.
Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion
22.02.2022
Lassi Korhonen
Med.
Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion
27.01.2022
Jonah Tan
Med.
FAUST iServer 9.0.018.018.4 Local File Inclusion
26.01.2022
Mario Keck
Med.
Archeevo 5.0 Local File Inclusion
18.01.2022
Miguel Santareno
Med.
HD-Network Real-Time Monitoring System 2.0 Local File Inclusion
13.12.2021
Momen Eldawakhly
High
OrbiTeam BSCW Server XSS / LFI / User Enumeration
04.12.2021
Armin Stock
Med.
CMSimple 5.4 Local File Inclusion / Remote Code Execution
25.11.2021
S1lv3r
Med.
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
14.11.2021
Erik Wynter
High
Ulfius Web Framework Remote Memory Corruption
17.09.2021
Jeremy Brown
High
elFinder Archive Command Injection
17.09.2021
Shelby Pace
Med.
ProcessMaker 3.5.4 Local File inclusion
27.08.2021
Ai Ho (@j3ssiejjj)
Med.
WordPress Mail Masta 1.0 Local File Inclusion
25.08.2021
Matheus Alexandre
High
GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution
17.08.2021
Ken Pyle
Med.
Black Box Kvm Extender 3.4.31307 Local File Inclusion
07.07.2021
Ferhat Cil
Med.
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
27.05.2021
Debshubra Chakraborty
High
Google Chrome SimplfiedLowering Integer Overflow
12.04.2021
Rajvardhan Agarwal
Med.
rConfig 3.9.6 Local File Inclusion
16.03.2021
5a65726f
Med.
Seacms 11.1 file Local File Inclusion
16.12.2020
j5s
Med.
Task Management System 1.0 Local File Inclusion
15.12.2020
Ismail Bozkurt
Med.
Citrix ADC NetScaler Local File Inclusion
14.11.2020
Donny Maasland
Med.
Simple College Website 1.0 - 'page' Local File Inclusion
31.10.2020
mosaaed
High
Oracle Business Intelligence Enterprise 12.2.1.4.0 LFI
29.10.2020
Ivo Palazzolo
Med.
Hrsale 2.0.0 Local File Inclusion
21.10.2020
Sosecure
Med.
CS-Cart 1.3.3 Local File Inclusion
16.10.2020
0xmmnbassel
Med.
openSIS 7.4 Local File Inclusion
01.07.2020
EgiX
Med.
FHEM 6.0 Local File Inclusion
25.06.2020
Emre ÖVÜNÇ
Med.
Odoo 12.0 Local File Inclusion
23.06.2020
Emre OVUNC
Med.
BoltWire 6.03 Local File Inclusion
05.05.2020
Andrey Stoykov
Med.
WordPress Media Library Assistant 2.81 Local File Inclusion
15.04.2020
Daniel Monzon
High
SmartClient 120 Information Disclosure / XML Injection / LFI / Code Execution
20.02.2020
Certimeter Group Red T...
Med.
WordPress Ultimate-Member 2.1.3 Local File Inclusion
14.02.2020
Mehran Feizi
Med.
SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
13.02.2020
EgiX
Med.
Lotus Core CMS 1.0.1 Local File Inclusion
31.01.2020
Daniel Monzón (stark0...
High
Xfilesharing 2.5.1 Local File Inclusion / Shell Upload
15.11.2019
Noman Riffat
Med.
Gila CMS Local File Inclusion
24.09.2019
Sainadh Jamalpur
Med.
Alkacon OpenCMS 10.5.x Local File inclusion
10.09.2019
Aetsu
Med.
Aptana Jaxer 1.0.3.4547 Local File Inclusion
09.08.2019
Steph Jensen
Med.
FlightPath < 4.8.2 / < 5.0-rc2 Local File Inclusion
15.07.2019
Mohammed Althibyani
Med.
Karenderia CMS 5.1 Local File Inclusion
08.07.2019
Mehmet Emiroglu
Med.
IceWarp 10.4.4 Local File Inclusion
05.06.2019
Jameel Nabbo
Med.
Deltek Maconomy 2.2.5 Local File Inclusion
29.05.2019
Jameel Nabbo
Med.
WordPress Diarise 1.5.9 Local File Disclosure
11.05.2019
Felipe Andrian Peixoto
Med.
osTicket 1.11 Cross Site Scripting / Local File Inclusion
26.04.2019
Ozkan Mustafa Akkus
Med.
phpFileManager 1.7.8 Local File Inclusion
02.04.2019
Murat Kalafatoglu
Med.
WordPress GraceMedia Media Player 1.0 Local File Inclusion
14.03.2019
Manuel Garcia Cardenas
High
elFinder 2.1.47 Command Injection
05.03.2019
q3rv0
Low
Selfie Studio 2.17 Denial Of Service
12.01.2019
Ihsan Sencan
Med.
phpMyAdmin 4.8.1 Authenticated Local File Inclusion
27.11.2018
Lucian Ioan Nitescu
Med.
PHP-Proxy 5.1.0 Local File Inclusion
16.11.2018
Ameer Pornillos
Med.
PHP Proxy 3.0.3 Local File Inclusion
06.11.2018
Ozkan Mustafa Akkus
High
Centos Web Panel 0.9.8.480 XSS / LFI / Code Execution
16.10.2018
Siber Guvenlik Hizmetl...
Med.
WordPress Wechat Broadcast 1.2.0 Local File Inclusion
20.09.2018
Manuel Garcia Cardenas
Med.
WordPress Localize My Post 1.0 Local File Inclusion
20.09.2018
Manuel Garcia Cardenas
Med.
LG SuperSign EZ CMS 2.5 Local File Inclusion
19.09.2018
Alejandro Fanjul
Med.
man-cgi Local File Inclusion
09.08.2018
eL_Bart0
Med.
phpMyAdmin 4.8.1 (Authenticated) Local File Inclusion
22.06.2018
ChaMd5
Med.
SAP B2B / B2C CRM 2.x < 4.x Local File Inclusion
19.05.2018
Richard Alviarez
Med.
HRSALE The Ultimate HRM v1.0.2 Local File Inclusion
26.04.2018
8bitsec
Med.
Wordpress Plugin Site Editor 1.1.1 Local File Inclusion
28.03.2018
Nicolas Buzy-Debat
Med.
WordPress Site Editor 1.1.1 Local File Inclusion
20.03.2018
Nicolas Buzy-Debat
High
WOOF WooCommerce Products Filter 1.1.9 LFI / Code Execution
15.03.2018
Ahmad Ramadhan
Med.
NetEx HyperIP 6.1.0 Local File Inclusion
11.02.2018
Matt Bergin
Med.
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion
20.12.2017
defensecode
Med.
Sophos UTM 9 Management Appplication Local File Inclusion
25.10.2017
Matt Bergin
Med.
CometChat < 6.2.0 BETA 1 Local File Inclusion
24.10.2017
Luke Paris
High
BMC Remedy LFI / RFI / XSS / Code Execution
23.10.2017
Simon Rawet
Med.
WordPress Ad Widget 2.10.0 Local File Inclusion
11.10.2017
defensecode
Med.
CMS Made Simple 2.2.1 Local File Inclusion
04.07.2017
Zhiyang Zeng
Med.
Aerohive AP340 HiveOS Remote Code Execution / Local File Inclusion
15.06.2017
Ike-Clinton
Med.
XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal
13.04.2017
keksec
Med.
Kodi 17.1 Local File Inclusion
16.02.2017
Eric Flokstra
Med.
WordPress WooCommerce Direct Download Local File Inclusion
18.01.2017
Diego Celdran Morell
Med.
CMS NETGEAR powered by PICTOR Local File Inclusion
16.12.2016
Felipe Andrian Peixoto
Med.
WordPress WP Vault 0.8.6.6 Local File Inclusion
02.12.2016
Lenon Leite
Med.
FUDforum 3.0.6 Local File Inclusion
19.11.2016
Tim Coen
Med.
SweetRice 1.5.1 Local File Inclusion
03.11.2016
Ashiyane Digital Secur...
Med.
PHP Support Tickets 1.3 Local File Inclusion
31.10.2016
N_A
Med.
Cisco Firepower Threat Management Console Local File Inclusion
06.10.2016
Matt Bergin


CVEMAP Search Results

CVE
Details
Description
2024-10-18
Waiting for details
CVE-2024-49243

Updating...
 

 
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through 1.0.0.

 
2024-10-17
Waiting for details
CVE-2024-49317

Updating...
 

 
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker allows PHP Local File Inclusion.This issue affects Point Maker: from n/a through 0.1.4.

 
2024-10-16
Waiting for details
CVE-2024-48029

Updating...
 

 
: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through 1.0.

 
Waiting for details
CVE-2024-49251

Updating...
 

 
: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through 1.0.1.

 
2024-10-15
Waiting for details
CVE-2024-9981

Updating...
 

 
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server.

 
2024-10-03
Waiting for details
CVE-2024-41925

Updating...
 

 
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.

 
2024-08-30
Waiting for details
CVE-2024-8252

Updating...
 

 
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other �??safe�?� file types can be uploaded and included.

 
2024-08-21
Waiting for details
CVE-2024-5762

Updating...
 

 
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the findPluginAdminPage function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-21408.

 
2024-06-12
Waiting for details
CVE-2024-4315

Updating...
 

 
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability.

 
2024-06-04
Waiting for details
CVE-2024-35629

Updating...
 

 
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads �?? Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads �?? Recent Purchases: from n/a through 1.0.2.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top