Lucene search
K

2219 matches found

Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.5 views

PT-2024-36103 · Codegear · Codegearthemes Designer

Name of the Vulnerable Software and Affected Versions: CodegearThemes Designer versions 1.3.3 and earlier Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local...

7.5CVSS7.4AI score0.00766EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.4 views

PT-2024-35223 · Unknown · Team Members

Name of the Vulnerable Software and Affected Versions: Team Member versions n/a through 7.3 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows for potential remote file inclusion...

4.3CVSS9.6AI score0.00426EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.4 views

WordPress plugin Team Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...

4.3CVSS8.3AI score0.00426EPSS
Exploits0References1
OSV
OSV
added 2024/11/30 9:15 p.m.4 views

CVE-2024-53739

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4...

9.8CVSS7.3AI score0.00642EPSS
Exploits0References1
NVD
NVD
added 2024/11/28 11:15 a.m.12 views

CVE-2024-52499

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ibrahim Pricing table addon for elementor pricing-table-addon-for-elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through...

7.5CVSS0.00692EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/20 12:0 a.m.4 views

WordPress plugin nBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS8.2AI score0.00561EPSS
Exploits0References1
OSV
OSV
added 2024/11/18 3:15 p.m.3 views

CVE-2024-52428

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12...

9.8CVSS5.8AI score0.00509EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.4 views

WordPress plugin Ads Booster by Ads Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS8.2AI score0.00509EPSS
Exploits0References1
CVE
CVE
added 2024/11/14 5:33 p.m.51 views

CVE-2024-52381

CVE-2024-52381 affects the ZIJ KART WordPress plugin (versions

8.1CVSS7.2AI score0.00566EPSS
Exploits0References1
OSV
OSV
added 2024/10/28 8:15 p.m.4 views

CVE-2024-50457

: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3...

8.8CVSS5.8AI score0.00543EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.4 views

PT-2024-34275 · Unknown · Buynowdepot Advanced Online Ordering/Delivery Platform

Name of the Vulnerable Software and Affected Versions: BuyNowDepot Advanced Online Ordering and Delivery Platform versions n/a through 2.0.0 Description: The issue affects the BuyNowDepot Advanced Online Ordering and Delivery Platform, allowing for PHP Local File Inclusion due to an improper...

9.8CVSS7.2AI score0.0051EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.5 views

PT-2024-33653

Name of the Vulnerable Software and Affected Versions: Theme Horse Mags versions 1.1.6 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This is a type of vulnerability where an...

8.8CVSS6.7AI score0.00456EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2024/07/11 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-38735

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through = 5.9.5...

5.8AI score0.00521EPSS
Exploits0References1
Hacker One
Hacker One
added 2022/11/22 8:46 p.m.26 views

Nextcloud: Ability to control the filename when uploading a logo or favicon on theming

A vulnerability existed in Nextcloud that allowed an attacker to control the filename of a logo or favicon when uploading it, by modifying the key. This could result in the attacker uploading any files directly in the webapp and path disclosure. The vulnerability has been fixed...

8.8CVSS8.4AI score0.00762EPSS
Exploits0
OSV
OSV
added 2020/05/13 7:15 p.m.4 views

CVE-2020-2008

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affect...

7.2CVSS7.3AI score0.02755EPSS
Exploits0References1
OSV
OSV
added 2020/05/13 7:15 p.m.5 views

CVE-2020-2003

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8....

6.5CVSS6.8AI score0.00938EPSS
Exploits0References1
Snyk
Snyk
added 2020/03/13 10:30 a.m.3 views

Command Injection

Overview pulverizr is a to smash your images down to size. Affected versions of this package are vulnerable to Command Injection. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable filename to construct the argument of the exec call without...

9.8CVSS7AI score0.02512EPSS
Exploits1References2
OSV
OSV
added 2018/10/01 4:30 p.m.1 views

GHSA-QFH2-6F7Q-GR86 Cross-Site Scripting in sexstatic

All versions of sexstatic are vulnerable to stored cross-site scripting xss. This is exploitable if an attacker can control a filename that is served by sexstatic. Recommendation As there is no fix is currently available for this vulnerability it is our recommendation to not install or used this...

6.1CVSS6.3AI score0.00922EPSS
Exploits1References4
OSV
OSV
added 2018/06/07 7:43 p.m.39 views

GHSA-3PXP-6963-46R9 Command Injection in pdfinfojs

Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor. Recommendation Update to version 0.4.1 or later...

9.8CVSS9.7AI score0.04928EPSS
Exploits1References5
Rows per page
Query Builder