CVE-2025-30871

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5...

PT-2025-7609 · Full · Full

Name of the Vulnerable Software and Affected Versions: FULL Customer versions 3.1.26 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' or PHP Local File Inclusion vulnerability...

WordPress plugin WPMozo Addons Lite for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

CVE-2024-49701

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Theme Horse Mags.This issue affects Mags: from n/a through 1.1.6...

WordPress plugin Qi Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-49243

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through 1.0.0...

PT-2024-40156 · Twig · Twig

Name of the Vulnerable Software and Affected Versions: Twig affected versions not specified Description: The issue allows for path traversal when Twig is used with Twig Loader Filesystem for loading templates and the application uses non-trusted template names. This enables an attacker to access...

WordPress Amministrazione Apertas plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file inclusion...

GHSA-65J5-VPM7-6XP4 Smarty Path Traversal Vulnerability

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

Sql injection

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

Code injection

Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...

CVE-2006-1200

Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...

txtForum: Script Injection Vulnerability

=========================================================== txtForum: Script Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006 =========================================================...

CVE-2005-0327

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...