Joomla! Plugin Core Design Scriptegrator - Local File Inclusion

A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files...

WordPress Payeezy Pay <=2.97 - Local File Inclusion

WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97...

Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

phpPgAdmin <=4.2.1 - Local File Inclusion

phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. dot dot in the language parameter to index.php. id: CVE-2008-5587 info: name: phpPgAdmin =4.2.1 - Local File Inclusion author:...

ionCube Tester Plus <= 1.3 - Local File Inclusion

The ionCube Tester Plus plugin for WordPress versions = 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without...

Xibo 1.2.2/1.4.1 - Directory Traversal

A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter to index.php. id: CVE-2013-5979 info: name: Xibo 1.2.2/1.4.1 - Directory Traversal author: daffainfo severity:...

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter. id: CVE-2017-15363 info: name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local...

WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion

WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. id: CVE-2015-5469 info: name: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion author:...

Joomla! Component NoticeBoard 1.3 - Local File Inclusion

A directory traversal vulnerability in the Code-Garage NoticeBoard comnoticeboard component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1658 info: name: Joomla!...

Elasticsearch - Local File Inclusion

Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled. id: CVE-2015-3337 info: name: Elasticsearch - Local File Inclusion author: pdteam severity: medium description: Elasticsearch before 1.4.5 and...

Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion

Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via comimagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. dot dot in the folder parameter to index.php. id: CVE-2008-4668 info: name: Joomla! Image Browser 0.1.5 rc2 - Local...

Cross RSS 1.7 - Local File Inclusion

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...

Joomla! ProDesk 1.0/1.2 - Local File Inclusion

Joomla! Pro Desk Support Center comprodesk component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. dot dot in the includefile parameter to index.php. id: CVE-2008-6222 info: name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion author: daffainfo severity: medium description:...

Joomla! <=2.0.0 RC2 - Local File Inclusion

Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module comextplorer that allows remote attackers to read arbitrary files via a .. dot dot in the dir parameter in a showerror action. id: CVE-2008-4764 info: name: Joomla! =2.0.0 RC2 - Local File Inclusion...

Wordpress Zedna eBook download <1.2 - Local File Inclusion

Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.php local file inclusion vulnerability. id: CVE-2016-10924 info: name: Wordpress Zedna eBook download 1.2 - Local File Inclusion author: idealphase severity: high description: | Wordpress Zedna eBook download prior...

Opsview Monitor Pro - Local File Inclusion

Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass. id:...

STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion

STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

Essential Blocks < 4.4.3 - Local File Inclusion

Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site. id: CVE-2023-6623 info: name: Essential Blocks 4.4.3 - Local File...

Gradio Hugging Face - Local File Inclusion

Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio 3.33 id: CVE-2023-51449 info: name: Gradio Hugging Face - Local File Inclusion author: nvn1729 severity: high description: | Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works...