EUVD-2025-210261

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

CVE-2025-69167

Unauthenticated Local File Inclusion in Eros = 1.3 versions...

HTB-Pterodactyl-Writeup

HackTheBox — Pterodactyl Writeup Difficulty: Medium |...

pantry

▄▄ ▄▄ ▄█▀▀█▄ █▄ █...

CVE-2025-11371

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...

Exploit for CVE-2025-4524

CVE-2025-4524 - Unauthenticated madara-core Wordpress theme LF...

CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

ManageEngine AssetExplorer < 6.9 Build 6977

The version of ManageEngine AssetExplorer installed on the remote host is prior to 6.9 Build 6977. It is, therefore, affected by a vulnerability as referenced in the asset-explorercve-2022-35403 advisory. - Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and...

CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

WordPress Videos sync PDF plugin <= 1.7.4 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion LFI vulnerability discovered by Hassan Khan Yusufzai Splint3r7 in WordPress Videos sync PDF plugin versions = 1.7.4. Solution No patched version is available...

Remote code execution

An issue was discovered in Mutare Voice EVM 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution...

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mlagallery link=download. The LFI is restricted to the "wp-content" directory...

CVE-2018-15486

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...