4701 matches found
CVE-2026-32500
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through = 1.1.4...
CVE-2026-27079
CVE-2026-27079 corresponds to a Local File Inclusion vulnerability in WordPress Amfissa (Mikado-Themes) theme, described as Improper Control of Filename for Include/Require in PHP (PHP Remote File Inclusion). Affected software: Mikado-Themes Amfissa amfissa, versions n/a through 1.1. Root cause: ...
CVE-2026-27076
CVE-2026-27076 is a Local File Inclusion in the WordPress LuxeDrive theme (1.0 or appropriate mitigation from the patch source; monitor for patches and advisories if you manage LuxeDrive deployments. If exact patch version not yet released in your environment, consider temporary mitigations until...
CVE-2026-25382 WordPress IdealAuto theme < 3.8.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through 3.8.6...
CVE-2026-22511
CVE-2026-22511: WordPress NeoBeat theme (NeoBeat, <=1.2) is affected by Local File Inclusion due to Improper Control of Filename for Include/Require in PHP. The issue, described as PHP Remote File Inclusion in the entry, actually enables Local File Inclusion. Affected: NeoBeat WordPress Theme ...
CVE-2026-22508 WordPress Dentalux theme <= 3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through = 3.3...
PT-2026-27976
Name of the Vulnerable Software and Affected Versions Mikado-Themes MultiOffice versions n/a through 1.2 Description A flaw exists in the handling of filenames for include/require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Mikado-Themes MultiOffice...
PT-2026-28045
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through 1.4.5...
PT-2026-28014
Name of the Vulnerable Software and Affected Versions CreativeWS MetaMax versions through 1.1.4 Description A flaw exists in the handling of filenames used in include/require statements within the PHP program, specifically in CreativeWS MetaMax. This allows for PHP Local File Inclusion. The issue...
PT-2026-27958
Name of the Vulnerable Software and Affected Versions TieLabs Jannah versions through 7.6.3 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local PHP files...
PT-2026-27818
Name of the Vulnerable Software and Affected Versions AncoraThemes Greenville versions through 1.3.2 Description A flaw exists in the handling of filenames used in include/require statements within the PHP program AncoraThemes Greenville, leading to a PHP Local File Inclusion issue. This allows f...
WWBN AVideo 代码问题漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the plugin/Live/standAloneFiles/saveDVR.json.php file. Thi...
CVE-2019-25582
CVE-2019-25582 affects i-doit CMDB 1.12. An authenticated user can download arbitrary files by manipulating the file parameter in index.php with file_manager=image, e.g., requesting src/config.inc.php. This enables retrieval of configuration files and other sensitive system data. The vulnerabilit...
CVE-2025-50881
The flow/admin/moniteur.php script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the action URL parameter, performs insufficient validation, and incorporates this input into a strin...
CVE-2026-32401
The CVE-2026-32401 entry concerns the WordPress plugin WordPress Client Invoicing by Sprout Invoices (Sprout Invoices) affecting versions up to 20.8.9. It is caused by an improper control of the filename used in PHP include/require statements, leading to PHP Local File Inclusion (LFI). The vulner...
CVE-2026-32364
CVE-2026-32364 relates to a Local File Inclusion in the WordPress Turbo Manager plugin (turbo-manager) via an improper control of the filename for include/require statements in PHP. The vulnerability affects Turbo Manager versions earlier than 4.0.8. The underlying issue is an insecure handling o...
CVE-2026-32364
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion.This issue affects Turbo Manager: from n/a through 4.0.8...
CVE-2019-25543
Netartmedia Real Estate Portal 5.0 contains an unauthenticated SQL injection in the page parameter (via index.php) that allows attackers to manipulate queries, potentially bypass authentication and access or modify data. The vulnerability affects the server-side SQL handling of the page field. CV...
Moderate: Red Hat Security Advisory: php security update
An update for php is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
RHEL 9 : php (RHSA-2026:4212)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4212 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in arraymerge...