7 matches found
CVE-2026-44239 FreePBX: Authenticated Local File Inclusion in Dashboard Module
FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...
Exploit for CVE-2026-34036
CVE-2026-34036 Proof-of-concept script for CVE-2026-34036...
CVE-2026-27894 LAM has Authenticated Local File Inclusion (LFI) in PDF export
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...
PT-2025-52834
Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...
Exploit for CVE-2024-57785
CVE-2024-57785 Exploit Title: Authenticated File Incl...
CVE-2024-11952 Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...
CVE-2024-7146 JetTabs <= 2.2.3 - Authenticated (Contributor+) Arbitrary Local File Inclusion
The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcherpreset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files ...