20394 matches found
CVE-2024-6228
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...
CVE-2024-6228
This CVE concerns the WordPress plugin Notifications for Forms & WordPress Actions (WANotifier) prior to version 2.6. The root cause is inadequate validation of a user-supplied value that is used to build a server-side file inclusion path. This allows authenticated users with subscriber-level acc...
Zeit Next.js < 4.2.3 - Local File Inclusion
Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2018-6184 info: name: Zeit Next.js =4.2...
ResourceSpace - Local File inclusion
ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. id: CVE-2015-3648 info: name: ResourceSpace - Local File inclusion author: pikpikcu severity: high description: ResourceSpace is prone to a local file-inclusion...
Omnia MPX 1.5.0+r1 - Local File Inclusion
Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel. id: CVE-2022-36642 info: name: Omnia MPX 1.5.0+r1 - Local Fi...
WordPress WPvivid Backup <0.9.76 - Local File Inclusion
WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. id: CVE-2022-2863 info: name: WordPress...
Joomla! Component com_jresearch - 'Controller' Local File Inclusion
A directory traversal vulnerability in jresearch.php in the J!Research comjresearch component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1340 info: name: Joomla! Component comjresearch - 'Controller' Local Fi...
Joomla! ProDesk 1.0/1.2 - Local File Inclusion
Joomla! Pro Desk Support Center comprodesk component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. dot dot in the includefile parameter to index.php. id: CVE-2008-6222 info: name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion author: daffainfo severity: medium description:...
LG-Ericsson iPECS NMS 30M - Local File Inclusion
Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...
Joomla! Component SMEStorage - Local File Inclusion
A directory traversal vulnerability in the SMEStorage comsmestorage component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-1858 info: name: Joomla! Component SMEStorage - Local File...
PilusCart <=1.4.1 - Local File Inclusion
PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion. id: CVE-2019-16123 info: name: PilusCart =1.4.2 or apply the vendor-supplied patch to mitigate the LFI vulnerability. reference: -...
Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
Horde/Horde Groupware - Local File Inclusion
Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the HordeImage driver name. id: CVE-2009-0932 inf...
WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion
WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. id: CVE-2015-5469 info: name: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion author:...
Joomla! Agora 3.0.0b - Local File Inclusion
Joomla! Agora 3.0.0b comagora allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. id: CVE-2009-3053 info: name: Joomla! Agora 3.0.0b - Local File Inclusion author: daffainfo severit...
Joomla! Harmis Messenger 1.2.2 - Local File Inclusion
Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files. id: CVE-2019-9922 info: name: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion author: 0xAkoko severity: high description: Joomla! Harmis Messenger 1.2.2 is...
Joomla! Component com_janews - Local File Inclusion
A directory traversal vulnerability in the JA News comjanews component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1219 info: name: Joomla! Component comjanews - Local File Inclusion author: daffainf...
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
A directory traversal vulnerability in the Foobla Suggestions comfooblasuggestions component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-2920 info: name: Joomla! Component Foobla...
CuppaCMS v1.0 - Local File Inclusion
Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php. id: CVE-2022-34121 info: name: CuppaCMS v1.0 - Local File Inclusion author: edoardottt severity: high description: | Cuppa CMS v1.0 is vulnerable to local file inclusion via the...
uDraw <3.3.3 - Local File Inclusion
uDraw before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users...