Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/17 9:19 p.m.23 views

CVE-2026-48820 CakePHP: View::element() is missing a path containment check

CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::getElementFileName does not check that the resolved element path is within the application/plugin view template paths...

6.3CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 8:25 a.m.20 views

CVE-2025-11722

The CVE CVE-2025-11722 affects the WordPress plugin “Woocommerce Category and Products Accordion Panel” (accordion-panel-for-category-and-products). The vulnerability is Local File Inclusion via the categoryaccordionpanel shortcode in all versions up to 1.0, exploitable by authenticated attackers...

7.5CVSS6.7AI score0.00584EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.5 views

SUSE CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include view and potentially execute files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...

8.8CVSS8AI score0.98391EPSS
Exploits20References7
VulnCheck KEV
VulnCheck KEV
added 2022/12/06 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include view and potentially execute files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...

8.8CVSS6.9AI score0.98391EPSS
Exploits20References1
CNVD
CNVD
added 2019/11/20 12:0 a.m.5 views

File Inclusion Vulnerability in Blue Route Blog System si***_mo***.php Page

Blue Route Blog System is built with PHP+MySQL. Blue Route blog system simo.php page there is a file inclusion vulnerability, an attacker can use the vulnerability to include any file on the server...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2009/10/30 12:0 a.m.28 views

PAJAX Remote Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'PAJAX Remote...

7.5CVSS0.3AI score0.36127EPSS
Exploits5
Rows per page
Query Builder