5164 matches found

GitLab Advisory Database
added 2023/11/16 12:00 a.m. · 25 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

H2O is vulnerable to a stored XSS vulnerability which can lead to a Local File Include attack...

CVSS 9.3 · AI score 5.6 · EPSS 0.00749
Exploits: 1 · References: 2
Positive Technologies
added 2023/11/16 12:00 a.m. · 6 views

PT-2023-32476 · H2O · H2O

Name of the Vulnerable Software and Affected Versions: H2O, affected versions not specified.
Description: The issue is related to a stored XSS vulnerability that can lead to a Local File Include attack. This allows an attacker to potentially execute malicious scripts or access sensitive files on th...

CVSS 9.3 · AI score 8.8 · EPSS 0.00749
Exploits: 1 · References: 3
ATTACKERKB
added 2023/11/09 8:15 p.m. · 4 views

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

CVSS 9.8 · AI score 6 · EPSS 0.0137
Exploits: 0 · References: 4
OSV
added 2023/11/09 8:15 p.m. · 23 views

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

CVSS 9.8 · AI score 9.5
Exploits: 0 · References: 3
Cvelist
added 2023/11/09 7:38 p.m. · 33 views

CVE-2023-5550 Moodle: RCE due to LFI risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

CVSS 6.5 · AI score 9.7 · EPSS 0.0137
Exploits: 0 · References: 3
Positive Technologies
added 2023/11/09 12:00 a.m. · 4 views

PT-2023-6939 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle, affected versions not specified.
Description: The issue is related to a misconfigured shared hosting environment, allowing access to other users' content. A Moodle user with direct access to the web server outside of the Moodle webroot...

CVSS 10 · AI score 6.9 · EPSS 0.0137
Exploits: 0 · References: 19
Prion
added 2023/06/09 6:16 a.m. · 18 views

Deserialization of untrusted data

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function...

CVSS 6.5 · AI score 8.7 · EPSS 0.60809
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2023/06/09 5:33 a.m. · 95 views

CVE-2023-2249

CVE-2023-2249 concerns wpForo Forum (WordPress) up to version 2.1.7. The vulnerability stems from insecure use of PHP file_get_contents, enabling Local File Inclusion, Server-Side Request Forgery, and PHAR deserialization. Authenticated attackers with minimal privileges (e.g., subscriber) can rea...

CVSS 8.8 · AI score 9 · EPSS 0.60809
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/06/09 5:33 a.m. · 21 views

CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function...

CVSS 8.8 · AI score 8.9 · EPSS 0.60809
Exploits: 1 · References: 3
Vulnrichment
added 2023/06/09 5:33 a.m. · 40 views

CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function...

CVSS 8.8 · AI score 7.5 · EPSS 0.60809
Exploits: 1 · References: 3
OSV
added 2022/05/24 5:16 p.m. · 18 views

GHSA-6JF9-8M34-96W5 TeamPass PHP arbitrary file include vulnerability

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

CVSS 8.8 · AI score 8.4 · EPSS 0.02575
Exploits: 1 · References: 4
Github Security Blog
added 2022/05/24 5:16 p.m. · 26 views

TeamPass PHP arbitrary file include vulnerability

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

CVSS 8.8 · AI score 6.6 · EPSS 0.02575
Exploits: 1 · References: 4 · Affected Software: 1
IBM Security Bulletins
added 2022/05/20 1:02 p.m. · 29 views

Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)

Summary: There is a vulnerability in Python open source used by IBM Cloud Private for scripting. The vulnerability could be exploited by an attacker to conduct SSRF or local file include attacks. This bulletin identifies the security fixes to apply to address the Python vulnerability CVE-2021-2992...

CVSS 9.8 · AI score 0.5 · EPSS 0.06827
Exploits: 1 · Affected Software: 1
0day.today
added 2022/03/31 12:00 a.m. · 221 views

COMPIE CMS Leado Local File Include Vulnerability

Exploit Title: COMPIE CMS Leado Local File Include
Google Dork: /index.php?pathAjax=
Date: 3/30/2022
Exploit Author: iranhack Security Team
Vendor Homepage: iranhack.com
Software Link: http://www.compie.co.il/
Version: V.1.0
Tested on: Kali Linux, Windows 10
Local File Include...

AI score 0.2
Exploits: 0
Packet Storm
added 2022/03/23 12:00 a.m. · 230 views

WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read

Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated
Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/
Date: 23-03-2022
Exploit Author: Hassan Khan Yusufzai - Splint3r7
Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/...

AI score 0.3
Exploits: 0
OSV
added 2022/02/21 6:15 p.m. · 7 views

CVE-2022-22308

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

CVSS 7.8 · AI score 7.1 · EPSS 0.00736
Exploits: 0 · References: 2
NVD
added 2022/02/21 6:15 p.m. · 30 views

CVE-2022-22308

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

CVSS 7.8 · EPSS 0.00736
Exploits: 0 · References: 2
Prion
added 2022/02/21 6:15 p.m. · 22 views

Design/Logic Flaw

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

CVSS 6.8 · AI score 8.1 · EPSS 0.00736
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2022/02/21 6:10 p.m. · 28 views

CVE-2022-22308

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

CVSS 7.1 · AI score 7.6 · EPSS 0.00736
Exploits: 0 · References: 2
CVE
added 2022/02/21 6:10 p.m. · 109 views

CVE-2022-22308

IBM Planning Analytics 2.0 (Planning Analytics Workspace 2.0) is affected by a Remote File Include (RFI) issue. Affected component is the web layer where user input can be injected into file include commands, potentially causing the application to include remote files with malicious code. Public ...

CVSS 7.8 · AI score 7.7 · EPSS 0.00736
Exploits: 0 · References: 2 · Affected Software: 1