Total
133 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52497 | 1 Quomodosoft | 1 Shopready | 2024-11-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5. | ||||
| CVE-2024-52496 | 1 Abosoluteplugins | 1 Absolute Addons For Elementor | 2024-11-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14. | ||||
| CVE-2024-10898 | 1 Krishaweb | 1 Contact Form 7 Email Add On | 2024-11-26 | 8.8 High |
| The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. | ||||
| CVE-2024-10873 | 1 Lastudio | 1 La-studio Element Kit For Elementor | 2024-11-26 | 8.8 High |
| The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-52450 | 1 Official Pro Coders | 1 Nblocks | 2024-11-21 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Official pro coders nBlocks allows PHP Local File Inclusion.This issue affects nBlocks: from n/a through 1.0.2. | ||||
| CVE-2024-6589 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 8.8 High |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-4315 | 2024-11-21 | N/A | ||
| parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability. | ||||
| CVE-2024-36415 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.1 Critical |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
| CVE-2024-35650 | 1 Melapress | 1 Melapress Login Security | 2024-11-21 | 4.9 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0. | ||||
| CVE-2024-35629 | 1 Wow-company | 1 Easy Digital Downloads | 2024-11-21 | 9.6 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. | ||||
| CVE-2024-30849 | 1 Sourcecodester | 1 Complete Ecommerce Site | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. | ||||
| CVE-2024-1600 | 2024-11-21 | N/A | ||
| A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application. | ||||
| CVE-2024-0315 | 1 Fireeye | 1 Central Management | 2024-11-21 | 6.6 Medium |
| Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process. | ||||
| CVE-2023-52325 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | ||||
| CVE-2023-4195 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-11-21 | 8.8 High |
| PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | ||||
| CVE-2023-31718 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High |
| FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. | ||||
| CVE-2023-31716 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High |
| FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log | ||||
| CVE-2023-23565 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. | ||||
| CVE-2022-4606 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 9.8 Critical |
| PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2022-4446 | 1 Corebos | 1 Corebos | 2024-11-21 | 9.8 Critical |
| PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. | ||||