CVE-2026-28028

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX MoneyFlow moneyflow allows PHP Local File Inclusion.This issue affects MoneyFlow: from n/a through = 1.0...

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

phpXD <= 0.3 (path) Remote File Inclusion Vulnerability

No description provided by source. | | \ | Dr Max Virus | / \ | | / / || \ / \ ------------------------------------------------------------------------------------------------------------------------ Script:phpxd Affected Version:0.3...

reloadcms-lfi.txt

New Advisory: ReloadCMS http://reloadcms.com ——————–Summary—————- Software: ReloadCMS Sowtware’s Web Site: http://reloadcms.com/main/ Versions: 1.2.7 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched PoC/Exploit: Available Solution: Not Available Discovered b...

aBitWhizzy [local file include]

vendor site: http://www.unverse.net/abitwhizzy/ product : aBitWhizzy bug:local file include global risk : high http://site.com/abitwhizzy.php?f=../../../../../../../etc/passwd laurent gaffi & benjamin moss http://s-a-p.ca/ contact: [email protected]...

XSS and PHP include bug in W-Agora

I have found some bugs in W-Agora's forum configuration filesystem. In the page editform.php, an admin or root user can open any file, with the "PHP Include bug". A sample of the script: editform.php ?php the script gets the parameter "file", puts ".php" after this, and includes the file in the...