8828 matches found
CVE-2023-6013
H2O is vulnerable to a stored XSS vulnerability which can lead to a Local File Include attack...
Cross site scripting
H2O is vulnerable to a stored XSS vulnerability which can lead to a Local File Include attack...
CVE-2023-6021 Ray Log File Local File Include
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...
CVE-2023-6013 H2O Local File Include
H2O is vulnerable to a stored XSS vulnerability which can lead to a Local File Include attack...
CVE-2023-6013
CVE-2023-6013 affects H2O with a stored XSS vulnerability that can lead to a Local File Include attack. The affected component is H2O’s web layer handling inputs, with the underlying issue described as stored XSS in multiple feeds and pages. Impact stated in sources includes potential exposure of loc...
CVE-2023-6023 ModelDB Local File Include
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifactpath URL parameter...
PT-2023-32476 · H2O · H2O
Name of the Vulnerable Software and Affected Versions: H2O, affected versions not specified. Description: The issue is related to a stored XSS vulnerability that can lead to a Local File Include attack. This allows an attacker to potentially execute malicious scripts or access sensitive files on th...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
H2O is vulnerable to a stored XSS vulnerability which can lead to a Local File Include attack...
CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...
CVE-2023-5550 Moodle: rce due to lfi risk in some misconfigured shared hosting environments
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...
PT-2023-6939 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle, affected versions not specified. Description: The issue is related to a misconfigured shared hosting environment, allowing access to other users' content. A Moodle user with direct access to the web server outside of the Moodle webroot...
PT-2023-32349 · WordPress · The News & Blog Designer Pack
Name of the Vulnerable Software and Affected Versions: The News & Blog Designer Pack – WordPress Blog Plugin versions up to, and including, 3.4.1. Description: The issue is related to Remote Code Execution via Local File Inclusion. This is due to the bdp_get_more_post function utilizing an unsafe...
CVE-2023-3279
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...
Cacti link Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is required to exploit this vulnerability. The specific flaw exists within the link endpoint. The issue results from the lack of proper validation of data retrieved from the...
PT-2023-31501 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to 5.7.100. Description: A critical issue has been found in DedeCMS, affecting an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the activepath argument leads to absolute pat...
librsvg: Arbitrary file read when xinclude href has special characters
A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL...
The vulnerability of the XInclude mechanism for combining XML documents in the librsvg visualization library allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the XInclude mechanism for combining XML documents in the librsvg vector graphics rendering library is related to an incorrect restriction on the path name to the restricted directory during the processing of the xi:include element. Exploiting this vulnerability could allow a...
GHSA-X2JC-989C-47Q4 Hexo `include_code` has a path traversal
Hexo up to v7.1.1 was discovered to contain an arbitrary file read vulnerability...