CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include, which could lead to Local File Inclusion issues...

9.1CVSS5.8AI score0.92159EPSS

Exploits2References1

ATTACKERKB•added 2023/11/20 7:15 p.m.•2 views

CVE-2023-38882

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'...

6.1CVSS6AI score0.00167EPSS

Exploits0References4

Prion•added 2020/03/05 8:15 p.m.•15 views

Sql injection

An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter...

7.5CVSS9.8AI score0.00072EPSS

Exploits0References6Affected Software1

OSV•added 2019/07/10 2:15 p.m.•0 views

CVE-2019-13396

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an includeonce in systemhandleformsubmit in modules/system/system.module...

5.3CVSS6.1AI score0.76524EPSS

Exploits5References2

RedHat Linux•added 2019/06/10 4:39 p.m.•1 views

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

9CVSS5.6AI score0.00403EPSS

Exploits0References4

Prion•added 2008/07/30 4:41 p.m.•14 views

Directory traversal

Directory traversal vulnerability in userportal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ dot dot backslash in the include parameter...

7.5CVSS7.2AI score0.07829EPSS

Exploits0References8Affected Software1

Cvelist•added 2008/07/30 4:3 p.m.•16 views

CVE-2008-3363

7AI score0.07829EPSS

Exploits0References8

Prion•added 2007/05/14 11:19 p.m.•7 views

Remote file inclusion

PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter...

7.5CVSS8AI score0.04745EPSS

Exploits0References3Affected Software1

NVD•added 2006/06/07 12:2 a.m.•9 views

CVE-2006-2877

PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the includeprefix parameter in 1 inc/dbase.php, 2 inc/config.php, 3 inc/common.php, and 4 inc/function.php. NOTE: it has been reported that the inc directory is...

7.5CVSS6.9AI score0.06627EPSS

Exploits0References11