CVE-2016-20078 WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

EUVD-2016-10890

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

CVE-2016-20078

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion (LFI) vulnerability in pic.php that allows unauthenticated attackers to read arbitrary files via directory traversal in the URL. The impact includes potential exposure of sensitive data such as wp-config.php. CVSS metrics present...

PT-2026-49216

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

CVE-2018-19228

An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation...

EUVD-2008-2072

Malware in sbrugna...

EUVD-2018-13034

Malware in sbrugna...

Pre-School Enrollment System Project update-class-pic.php File Directory Traversal Vulnerability

The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-class-pic.php when processing directory requests, and can...

CVE-2025-50349

PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php...

CVE-2025-50348

PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php...

CVE-2025-50349

PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php...

CVE-2025-50348

PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php...

Sql injection

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php Pid parameter...

CVE-2018-20480

CVE-2018-20480 affects S-CMS 1.0. A SQL injection vulnerability exists in the js/pic.php file, exploitable through the P_id parameter. The root cause is improper handling of the P_id input leading to SQL injection. Impact details in the sources indicate potential data exposure/modification, but t...

laurisch-architekt.de XSS vulnerability

Open Bug Bounty ID: OBB-636867 Description| Value ---|--- Affected Website:| laurisch-architekt.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

ufcw496.org XSS vulnerability

Open Bug Bounty ID: OBB-545665 Description| Value ---|--- Affected Website:| ufcw496.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

WordPress IMDb Profile Widget 1.0.8 Plugin - Local File Inclusion

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin IMDb Profile Widget - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-26 Google Dork : inurl:/wp-content/plugins/imdb-widget Vendor Homepage: https://wordpress.org/plugins/imdb-widget/...

web.ics.purdue.edu XSS vulnerability

Vulnerable URL: http://web.ics.purdue.edu/aepinews/pic.php?pic=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 09:52 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank...

appcms 1.3.855 /pic.php 任意文件下载漏洞

No description provided by source...

appcms 1.3.708 /pic.php 任意文件下载漏洞

No description provided by source...