CVE-2025-51052

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'filegetcontents' function call in '/apivedo/template'...

CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-25799

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the filegetcontents function at adminsafe.php...

CVE-2025-25800

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the filegetcontents function at adminsafefile.php...

CVE-2025-25799

CVE-2025-25799 concerns SeaCMS 13.3, where an arbitrary file read vulnerability exists in the file_get_contents call within admin_safe.php. The root cause is improper handling of file access in that function, enabling reading unintended files. Impact per sources: confidentiality and integrity vio...

CVE-2025-25799

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the filegetcontents function at adminsafe.php...

CVE-2025-25799

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the filegetcontents function at adminsafe.php...

CVE-2024-5021

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'filegetcontents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

Information disclosure

In CMS Made Simple CMSMS through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP filegetcontents function...