CVE-2025-49371 WordPress Strux theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Strux strux allows PHP Local File Inclusion.This issue affects Strux: from n/a through = 1.9...

CVE-2025-49361 WordPress Mamita theme <= 1.0.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion.This issue affects Mamita: from n/a through = 1.0.9...

CVE-2025-63074

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through 12.8.1.1...

CVE-2025-63074 WordPress The7 theme < 12.8.1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through 12.8.1.1...

CVE-2025-67526

CVE-2025-67526 affects Sailing (WordPress theme) older than 4.4.6. It is a Local File Inclusion via improper filename handling in PHP include/require, exploitable by authenticated users with Contributor+ privileges. The WordFence vulnerability list notes a high severity (9.8 in some entries; CVSS...

CVE-2025-60191

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a throug...

CVE-2025-62067

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through = 2.5...

CVE-2025-60196

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Clearblue Clearblue® Ovulation Calculator clearblue-ovulation-calculator allows PHP Local File Inclusion.This issue affects Clearblue® Ovulation Calculator: from n/a through =...

CVE-2025-64360 WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through = 1.4.2...

CVE-2025-64216

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from n/a through = 10.3.0...

CVE-2025-58958 WordPress SmilePure Theme < 1.8.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through 1.8.5...

CVE-2025-49921 WordPress JetReviews plugin <= 3.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through = 3.0.0...

CVE-2025-54716

CVE-2025-54716 is a local file inclusion vulnerability in WordPress themes: Ireca (WordPress Theme, versioned up to 1.8.5). The underlying issue is Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion), enabling LFI. Affected product: Ireca

CVE-2025-39494

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a...

CVE-2025-23952

CVE-2025-23952 describes an Unvalidated Filename handling flaw in WordPress plugin Custom Field List Widget (ntm custom-field-list-widget) that allows Local File Inclusion via PHP include/require. Affected: custom-field-list-widget versions

CVE-2024-53800

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15...

SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances

SEC Consult Vulnerability Lab Security Advisory 20140423-0 ======================================================================= title: Path Traversal/Remote Code Execution product: WD Arkeia Virtual Appliance AVA vulnerable version: All Arkeia Network Backup releases ASA/APA/AVA since 7.0.3...

PHP include alco-0day

Я слегка трезв, так что не судите строго. Если что Ded mazdai гарант того что в таком состоянии судить меня строго нельзя По мотивам: https://rdot.org/forum/showpost.php?p=9688&postcount=45 Имеем скрипт inc.php: Код: Определение имён папок: 1 Шлём обычный кривой запрос http://localhost/inc.php?a=...

Особенности реализации PHP include.

Особенности реализации PHP Include. Введение. В данной заметке, я попытался объединить в одном месте все фичи, найденные в последнее время и позволяющие повысить эффективность атаки на основе PHP Include. Основы. Внедрение PHP-кода PHP Include — это уязвимость, заключающаяся в возможности внедрен...

pmachineExec.txt

This is a multi-part message in MIME format. ------=NextPart000000001C516AC.9C269F50 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most...