58 matches found

EUVD
added 2026/05/10 3:31 p.m. · 2 views

EUVD-2022-55975

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...

CVSS 6.9 · AI score 6 · EPSS 0.00026
Exploits: 0 · References: 4

NVD
added 2026/05/10 1:16 p.m. · 4 views

CVE-2022-50954

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...

CVSS 6.9 · EPSS 0.00026
Exploits: 0 · References: 3

ATTACKERKB
added 2026/05/10 12:12 p.m. · 3 views

CVE-2022-50954

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...

CVSS 6.9 · AI score 5.9 · EPSS 0.00026
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2026/05/10 12:0 a.m. · 4 views

PT-2026-39479

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...

CVSS 6.9 · AI score 6 · EPSS 0.00026
Exploits: 0 · References: 4

VulnCheck KEV
added 2025/12/26 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2010-2035

Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php...

CVSS 7.5 · AI score 6 · EPSS 0.01364
In wild · Exploits: 1 · References: 2

Vulnrichment
added 2025/12/05 9:27 a.m. · 2 views

CVE-2025-12851 My auctions allegro <= 3.6.32 - Unauthenticated Local File Inclusion via controller

The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.32 via the 'controller' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any...

CVSS 8.1 · AI score 7 · EPSS 0.00239
Exploits: 0 · References: 2

Cvelist
added 2025/12/05 9:27 a.m. · 24 views

CVE-2025-12851 My auctions allegro <= 3.6.32 - Unauthenticated Local File Inclusion via controller

The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.32 via the 'controller' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any...

CVSS 8.1 · EPSS 0.00239
Exploits: 0 · References: 2

Positive Technologies
added 2025/12/05 12:0 a.m. · 3 views

PT-2025-49233

Name of the Vulnerable Software and Affected Versions: My auctions allegro plugin for WordPress versions through 3.6.32 Description: The My auctions allegro plugin for WordPress is susceptible to a Local File Inclusion issue via the controller parameter. This allows unauthenticated attackers to...

CVSS 8.1 · AI score 7.4 · EPSS 0.00239
Exploits: 0 · References: 8

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2010-1629

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.04563
Exploits: 1 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2010-0997

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.04828
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-28130

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.6 · EPSS 0.00603
Exploits: 0 · References: 2

VulnCheck KEV
added 2025/06/09 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2022-1391

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues...

CVSS 9.8 · AI score 5.8 · EPSS 0.66708
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/23 12:14 a.m. · 6 views

CVE-2022-44621

Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via HTTP request...

CVSS 9.8 · AI score 7.4 · EPSS 0.09183
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 11:30 p.m. · 2 views

CVE-2022-1391

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues...

CVSS 9.8 · AI score 6.8 · EPSS 0.66708
Exploits: 2 · References: 1

CNNVD
added 2023/11/17 12:0 a.m. · 1 view

MISP Security Vulnerabilities

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.176, which stems from...

CVSS 9.8 · AI score 6.8 · EPSS 0.0017
Exploits: 0 · References: 3

Prion
added 2023/06/23 4:15 p.m. · 16 views

Cross site scripting

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...

CVSS 5.8 · AI score 5.9 · EPSS 0.20464
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2023/06/02 12:0 a.m. · 1 view

YFCMF Security Vulnerability

YFCMF is a software application. It provides a lightweight enterprise website management system. A security vulnerability exists in YFCMF before 3.0.4, which stems from unknown processing in app/admin/controller/Ajax.php that causes path traversal via the parameter controllername...

CVSS 9.8 · AI score 5.7 · EPSS 0.0016
Exploits: 1 · References: 4

Positive Technologies
added 2022/04/25 12:0 a.m. · 2 views

PT-2022-13851 · WordPress · Cab Fare Calculator

Name of the Vulnerable Software and Affected Versions: Cab fare calculator WordPress plugin versions prior to 1.0.4 Description: The issue is related to the lack of validation of the controller parameter, which is used in require statements. This could lead to Local File Inclusion issues...

CVSS 9.8 · AI score 9.2 · EPSS 0.66708
Exploits: 2 · References: 5

CNNVD
added 2021/05/10 12:0 a.m. · 2 views

YzmCMS Cross-Site Scripting Vulnerability

YzmCMS is a lightweight open source content management system based on PHP+Mysql architecture developed by Yuan Zhimeng alone. A stored cross-site scripting vulnerability exists in the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter in YzmCMS version 5.6. The vulnerabilit...

CVSS 5.4 · AI score 5.4 · EPSS 0.00171
Exploits: 1 · References: 1

CNVD
added 2019/08/21 12:0 a.m. · 1 view

OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-28406)

OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A cross-site scripting vulnerability in the foreignid parameter in controller.php in OpenEMR 5.0.1 and earlier versions can be exploited by an attacker to execute arbitrary code in the context of ...

CVSS 6.1 · AI score 6.8 · EPSS 0.28888
Exploits: 1 · References: 1