Atlassian Jira Limited - Local File Inclusion

Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. id: CVE-2021-26086 info: name: Atlassian Jira Limited - Local...

OpenEMR 4.1 - Local File Inclusion

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. dot dot in the formname parameter to 1 contrib/acog/printform.php; or 2 loadform.php, 3 viewform.php, or 4 trendform.php in interface/patientfile/encounter. id:...

Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download

Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...

SolarWinds Serv-U 15.3 - Directory Traversal

SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

OpenEMR <5.0.2 - Local File Inclusion

OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajaxdownload.php. An attacker can download any file that is readable by the web server user from server storage. If the requested file is writable for the web server user and the directory...

WordPress Localize My Post 1.0 - Local File Inclusion

WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter. id: CVE-2018-16299 info: name: WordPress Localize My Post 1.0 - Local File Inclusion author: 0xAkoko,0x240x23elu severity: high description: | WordPress Localize My Post 1.0 is susceptib...

Joomla! Component Juke Box 1.7 - Local File Inclusion

A directory traversal vulnerability in the JOOFORGE Jutebox comjukebox component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1352 info: name: Joomla! Component Juke Box 1.7 - Local File Inclusion...

Joomla! Component Archery Scores 1.0.6 - Local File Inclusion

A directory traversal vulnerability in archeryscores.php in the Archery Scores comarcheryscores component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1718 info: name: Joomla! Compone...

OS4Ed OpenSIS Community 8.0 - Local File Inclusion

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php modname parameter, which can disclose arbitrary file from the server's filesystem as long as the application has access to the file. id: CVE-2021-40651 info: name: OS4Ed OpenSIS Community 8.0 - Local...

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

Tyto Sahi pro 7.x/8.x - Local File Inclusion

Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files. id: CVE-2018-20470 info: name: Tyto Sahi pro 7.x/8.x - Local File Inclusion author: daffainfo...

Pandora FMS <=7.0NG.722 - Remote Code Execution

Pandora FMS versions =7.0NG.722 are vulnerable to unauthenticated remote code execution by chaining an unrestricted file upload CVE-2018-11221 and a local file inclusion CVE-2018-11222. An attacker can upload a malicious PHP file as a plugin and execute it via LFI, leading to full compromise of t...

Joomla! Component News Portal 1.5.x - Local File Inclusion

A directory traversal vulnerability in the iJoomla News Portal comnewsportal component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1312 info: name: Joomla! Component News Portal 1.5.x - Local File...

Joomla! Component Web TV 1.0 - Local File Inclusion

A directory traversal vulnerability in the Web TV comwebtv component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1470 info: name: Joomla! Component Web TV 1.0 -...

Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion

A directory traversal vulnerability in the Gadget Factory comgadgetfactory component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1956 info: name: Joomla! Component Gadget Factory 1.0.0 - Local...

EventON Lite <= 2.4 - Authenticated Local File Inclusion

Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite = 2.4 - Authenticated Local Fil...

AxxonSoft Axxon Next - Local File Inclusion

AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. id: CVE-2018-7467 info: name: AxxonSoft Axxon Next - Local File Inclusion author: 0xAkoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. impact: | An attacker can read...

Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion

Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the downloadfile parameter. id: CVE-2018-6008 info: name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to...

WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion

WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php. id: CVE-2018-9118 info: name: WordPress 99 Robots WP Background Takeover Advertisements =4.1.4 - Local File Inclusion author: 0xAkoko severity: high description: |...