9 matches found
pantry
▄▄ ▄▄ ▄█▀▀█▄ █▄ █...
CVE-2025-11371
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...
Exploit for CVE-2025-4524
CVE-2025-4524 - Unauthenticated madara-core Wordpress theme LF...
CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...
CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
WordPress Videos sync PDF plugin <= 1.7.4 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion LFI vulnerability discovered by Hassan Khan Yusufzai Splint3r7 in WordPress Videos sync PDF plugin versions = 1.7.4. Solution No patched version is available...
Remote code execution
An issue was discovered in Mutare Voice EVM 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution...
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mlagallery link=download. The LFI is restricted to the "wp-content" directory...
CVE-2018-15486
An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...