CWE:
 

Topic
Date
Author
Med.
mPDF 7.0 Local File Inclusion
02.08.2022
Musyoka Ian
High
Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues
19.05.2022
Ramuel Gall
Med.
Razer Sila 2.0.418 Local File Inclusion
11.04.2022
Kevin Randall
Med.
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion
11.04.2022
Momen Eldawakhly
Med.
School Club Application System 1.0 Local File Inclusion
08.04.2022
Hejap Zairy
Med.
Bakery Shop Management System 1.0 Local File Inclusion
06.04.2022
Hejap Zairy
Med.
WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion
01.04.2022
Hassan Khan Yusufzai
Med.
Medical Hub Directory Site 1.0 Local File Inclusion
30.03.2022
Hejap Zairy
Med.
Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion
22.02.2022
Lassi Korhonen
Med.
Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion
27.01.2022
Jonah Tan
Med.
FAUST iServer 9.0.018.018.4 Local File Inclusion
26.01.2022
Mario Keck
Med.
Archeevo 5.0 Local File Inclusion
18.01.2022
Miguel Santareno
Med.
HD-Network Real-Time Monitoring System 2.0 Local File Inclusion
13.12.2021
Momen Eldawakhly
High
OrbiTeam BSCW Server XSS / LFI / User Enumeration
04.12.2021
Armin Stock
Med.
CMSimple 5.4 Local File Inclusion / Remote Code Execution
25.11.2021
S1lv3r
Med.
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
14.11.2021
Erik Wynter
High
Ulfius Web Framework Remote Memory Corruption
17.09.2021
Jeremy Brown
High
elFinder Archive Command Injection
17.09.2021
Shelby Pace
Med.
ProcessMaker 3.5.4 Local File inclusion
27.08.2021
Ai Ho (@j3ssiejjj)
Med.
WordPress Mail Masta 1.0 Local File Inclusion
25.08.2021
Matheus Alexandre
High
GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution
17.08.2021
Ken Pyle
Med.
Black Box Kvm Extender 3.4.31307 Local File Inclusion
07.07.2021
Ferhat Cil
Med.
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
27.05.2021
Debshubra Chakraborty
High
Google Chrome SimplfiedLowering Integer Overflow
12.04.2021
Rajvardhan Agarwal
Med.
rConfig 3.9.6 Local File Inclusion
16.03.2021
5a65726f
Med.
Seacms 11.1 file Local File Inclusion
16.12.2020
j5s
Med.
Task Management System 1.0 Local File Inclusion
15.12.2020
Ismail Bozkurt
Med.
Citrix ADC NetScaler Local File Inclusion
14.11.2020
Donny Maasland
Med.
Simple College Website 1.0 - 'page' Local File Inclusion
31.10.2020
mosaaed
High
Oracle Business Intelligence Enterprise 12.2.1.4.0 LFI
29.10.2020
Ivo Palazzolo
Med.
Hrsale 2.0.0 Local File Inclusion
21.10.2020
Sosecure
Med.
CS-Cart 1.3.3 Local File Inclusion
16.10.2020
0xmmnbassel
Med.
openSIS 7.4 Local File Inclusion
01.07.2020
EgiX
Med.
FHEM 6.0 Local File Inclusion
25.06.2020
Emre ÖVÜNÇ
Med.
Odoo 12.0 Local File Inclusion
23.06.2020
Emre OVUNC
Med.
BoltWire 6.03 Local File Inclusion
05.05.2020
Andrey Stoykov
Med.
WordPress Media Library Assistant 2.81 Local File Inclusion
15.04.2020
Daniel Monzon
High
SmartClient 120 Information Disclosure / XML Injection / LFI / Code Execution
20.02.2020
Certimeter Group Red T...
Med.
WordPress Ultimate-Member 2.1.3 Local File Inclusion
14.02.2020
Mehran Feizi
Med.
SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
13.02.2020
EgiX
Med.
Lotus Core CMS 1.0.1 Local File Inclusion
31.01.2020
Daniel Monzón (stark0...
High
Xfilesharing 2.5.1 Local File Inclusion / Shell Upload
15.11.2019
Noman Riffat
Med.
Gila CMS Local File Inclusion
24.09.2019
Sainadh Jamalpur
Med.
Alkacon OpenCMS 10.5.x Local File inclusion
10.09.2019
Aetsu
Med.
Aptana Jaxer 1.0.3.4547 Local File Inclusion
09.08.2019
Steph Jensen
Med.
FlightPath < 4.8.2 / < 5.0-rc2 Local File Inclusion
15.07.2019
Mohammed Althibyani
Med.
Karenderia CMS 5.1 Local File Inclusion
08.07.2019
Mehmet Emiroglu
Med.
IceWarp 10.4.4 Local File Inclusion
05.06.2019
Jameel Nabbo
Med.
Deltek Maconomy 2.2.5 Local File Inclusion
29.05.2019
Jameel Nabbo
Med.
WordPress Diarise 1.5.9 Local File Disclosure
11.05.2019
Felipe Andrian Peixoto
Med.
osTicket 1.11 Cross Site Scripting / Local File Inclusion
26.04.2019
Ozkan Mustafa Akkus
Med.
phpFileManager 1.7.8 Local File Inclusion
02.04.2019
Murat Kalafatoglu
Med.
WordPress GraceMedia Media Player 1.0 Local File Inclusion
14.03.2019
Manuel Garcia Cardenas
High
elFinder 2.1.47 Command Injection
05.03.2019
q3rv0
Low
Selfie Studio 2.17 Denial Of Service
12.01.2019
Ihsan Sencan
Med.
phpMyAdmin 4.8.1 Authenticated Local File Inclusion
27.11.2018
Lucian Ioan Nitescu
Med.
PHP-Proxy 5.1.0 Local File Inclusion
16.11.2018
Ameer Pornillos
Med.
PHP Proxy 3.0.3 Local File Inclusion
06.11.2018
Ozkan Mustafa Akkus
High
Centos Web Panel 0.9.8.480 XSS / LFI / Code Execution
16.10.2018
Siber Guvenlik Hizmetl...
Med.
WordPress Wechat Broadcast 1.2.0 Local File Inclusion
20.09.2018
Manuel Garcia Cardenas
Med.
WordPress Localize My Post 1.0 Local File Inclusion
20.09.2018
Manuel Garcia Cardenas
Med.
LG SuperSign EZ CMS 2.5 Local File Inclusion
19.09.2018
Alejandro Fanjul
Med.
man-cgi Local File Inclusion
09.08.2018
eL_Bart0
Med.
phpMyAdmin 4.8.1 (Authenticated) Local File Inclusion
22.06.2018
ChaMd5
Med.
SAP B2B / B2C CRM 2.x < 4.x Local File Inclusion
19.05.2018
Richard Alviarez
Med.
HRSALE The Ultimate HRM v1.0.2 Local File Inclusion
26.04.2018
8bitsec
Med.
Wordpress Plugin Site Editor 1.1.1 Local File Inclusion
28.03.2018
Nicolas Buzy-Debat
Med.
WordPress Site Editor 1.1.1 Local File Inclusion
20.03.2018
Nicolas Buzy-Debat
High
WOOF WooCommerce Products Filter 1.1.9 LFI / Code Execution
15.03.2018
Ahmad Ramadhan
Med.
NetEx HyperIP 6.1.0 Local File Inclusion
11.02.2018
Matt Bergin
Med.
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion
20.12.2017
defensecode
Med.
Sophos UTM 9 Management Appplication Local File Inclusion
25.10.2017
Matt Bergin
Med.
CometChat < 6.2.0 BETA 1 Local File Inclusion
24.10.2017
Luke Paris
High
BMC Remedy LFI / RFI / XSS / Code Execution
23.10.2017
Simon Rawet
Med.
WordPress Ad Widget 2.10.0 Local File Inclusion
11.10.2017
defensecode
Med.
CMS Made Simple 2.2.1 Local File Inclusion
04.07.2017
Zhiyang Zeng
Med.
Aerohive AP340 HiveOS Remote Code Execution / Local File Inclusion
15.06.2017
Ike-Clinton
Med.
XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal
13.04.2017
keksec
Med.
Kodi 17.1 Local File Inclusion
16.02.2017
Eric Flokstra
Med.
WordPress WooCommerce Direct Download Local File Inclusion
18.01.2017
Diego Celdran Morell
Med.
CMS NETGEAR powered by PICTOR Local File Inclusion
16.12.2016
Felipe Andrian Peixoto
Med.
WordPress WP Vault 0.8.6.6 Local File Inclusion
02.12.2016
Lenon Leite
Med.
FUDforum 3.0.6 Local File Inclusion
19.11.2016
Tim Coen
Med.
SweetRice 1.5.1 Local File Inclusion
03.11.2016
Ashiyane Digital Secur...
Med.
PHP Support Tickets 1.3 Local File Inclusion
31.10.2016
N_A
Med.
Cisco Firepower Threat Management Console Local File Inclusion
06.10.2016
Matt Bergin
Med.
Sakai 10.7 Cross Site Scripting / Local File Inclusion
22.08.2016
Gjoko 'LiquidWorm' Krs...
Med.
WordPress Ajax Load More 2.11.1 Local File Inclusion
16.08.2016
Burak Kelebek
Med.
WordPress Easy Forms For MailChimp 6.0.5.5 Local File Inclusion
13.07.2016
Yorick Koster
Med.
WordPress WP Fastest Cache 0.8.5.9 Local File Inclusion
13.07.2016
Yorick Koster
Med.
WordPress Ultimate Member 1.3.64 Local File Inclusion
12.07.2016
Burak Kelebek
Med.
Concrete5 5.7.3.1 Local File Inclusion
29.06.2016
Egidio Romano
High
BookingWizz LFI / XSS / CSRF / SQL Injection
16.06.2016
Mehmet Ince
Med.
Web2py 2.14.5 CSRF / XSS / Local File Inclusion
17.05.2016
Narendra Bhati
High
PLANET IP LFI / CSRF / XSS / Authentication Bypass
17.05.2016
Orwelllabs
Med.
WordPress IMDb Profile Widget 1.0.8 Local File Inclusion
28.03.2016
CrashBandicot @DosPerl
Med.
WordPress Photocart Link 1.6 Local File Inclusion
28.03.2016
CrashBandicot
Med.
WordPress Issuu Panel 1.6 Remote / Local File Inclusion
24.03.2016
CrashBandicot
Med.
WordPress Dharma Booking 2.28.3 Remote / Local File Inclusion
23.03.2016
AMAR^SHG
Med.
WordPress Brandfolder 3.0 Remote / Local File Inclusion
23.03.2016
AMAR^SHG


CVEMAP Search Results

CVE
Details
Description
2020-06-03
Low
CVE-2020-5295

Vendor: Octobercms
Software: October
 

 
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).

 

 


Copyright 2022, cxsecurity.com

 

Back to Top