Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/05/29 12:42 p.m.35 views

CVE-2026-44239 FreePBX: Authenticated Local File Inclusion in Dashboard Module

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

7.6CVSS0.00272EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/31 8:32 p.m.148 views

Exploit for CVE-2026-34036

CVE-2026-34036 Proof-of-concept script for CVE-2026-34036...

6.5CVSS6AI score0.00419EPSS
Exploits2
Cvelist
Cvelist
added 2026/03/17 11:48 p.m.31 views

CVE-2026-27894 LAM has Authenticated Local File Inclusion (LFI) in PDF export

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.9 views

PT-2025-52834

Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...

8.6CVSS7AI score0.00712EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2025/01/16 11:10 a.m.229 views

Exploit for CVE-2024-57785

CVE-2024-57785 Exploit Title: Authenticated File Incl...

4.9CVSS7AI score0.00658EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/12/04 8:22 a.m.7 views

CVE-2024-11952 Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion

The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...

7.5CVSS7.8AI score0.00873EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/16 10:59 a.m.40 views

CVE-2024-7146 JetTabs <= 2.2.3 - Authenticated (Contributor+) Arbitrary Local File Inclusion

The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcherpreset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files ...

8.8CVSS0.00956EPSS
Exploits0References2
Rows per page
Query Builder