20397 matches found
CVE-2026-58467
A flaw was found in Cockpit CMS. This vulnerability, a path traversal and local file inclusion, allows an unauthenticated attacker to read arbitrary files or execute PHP files. By manipulating the URL, an attacker can bypass security checks and access restricted directories. This could lead to...
CVE-2024-6228
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...
CVE-2024-6228 WANotifier < 2.6 - Subscriber+ LFI
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...
CVE-2024-6228
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...
Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
Joomla! JoomlaPraise Projectfork comprojectfork 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php. id: CVE-2009-2100 info: name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion author: daffainfo severity: medium...
Joomla! MooFAQ 1.0 - Local File Inclusion
Joomla! Ideal MooFAQ 1.0 via commoofaq allows remote attackers to read arbitrary files via a .. dot dot in the file parameter local file inclusion. id: CVE-2009-2015 info: name: Joomla! MooFAQ 1.0 - Local File Inclusion author: daffainfo severity: high description: Joomla! Ideal MooFAQ 1.0 via...
Joomla! Component com_biblestudy - Local File Inclusion
A directory traversal vulnerability in the Bible Study combiblestudy component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter in a studieslist action to index.php. id: CVE-2010-0157 info: name: Joomla! Component...
Joomla! Component Jfeedback 1.2 - Local File Inclusion
A directory traversal vulnerability in the Ternaria Informatica Jfeedback! comjfeedback component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1478 info: name:...
WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion
WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or...
Joomla! Agora 3.0.0b - Local File Inclusion
Joomla! Agora 3.0.0b comagora allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. id: CVE-2009-3053 info: name: Joomla! Agora 3.0.0b - Local File Inclusion author: daffainfo severit...
Joomla! Component Online Exam 1.5.0 - Local File Inclusion
A directory traversal vulnerability in the Online Examination aka Online Exam or comonlineexam component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1715 info: name: Joomla! Component Online Exam 1.5.0 -...
Gradio Hugging Face - Local File Inclusion
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio 3.33 id: CVE-2023-51449 info: name: Gradio Hugging Face - Local File Inclusion author: nvn1729 severity: high description: | Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works...
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
A directory traversal vulnerability in the JE Form Creator comjeformcr component for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the...
Gibbon v25.0.0 - Local File Inclusion
Gibbon v25.0.0 is vulnerable to a Local File Inclusion LFI vulnerability where it's possible to include the content of several files present in the installation folder in the server's response. id: CVE-2023-34598 info: name: Gibbon v25.0.0 - Local File Inclusion author: DhiyaneshDk severity:...
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
A directory traversal vulnerability in the Foobla Suggestions comfooblasuggestions component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-2920 info: name: Joomla! Component Foobla...
WordPress Formality Plugin <= 1.5.9 - Local File Inclusion
Michele Giorgi Formality = 1.5.9 contains a file inclusion vulnerability caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires crafted input. id: CVE-2025-48157 info: name: WordPress Formality Plugin = 1.5.9 - Local File...
Blinko < 1.8.4 - Path Traversal
Blinko 1.8.4 contains a path traversal vulnerability caused by lack of permission checks and filtering on the temp/ path in the file server endpoint, letting unauthorized attackers read arbitrary files including backup files with user notes and tokens, exploit requires no special privileges. id:...
ShokoServer System - Local File Inclusion (LFI)
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
Cross RSS 1.7 - Local File Inclusion
Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...
Solara <1.35.1 - Local File Inclusion
A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...