Total
202 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35650 | 1 Melapress | 1 Melapress Login Security | 2024-11-21 | 4.9 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0. | ||||
| CVE-2024-35629 | 1 Wow-company | 1 Easy Digital Downloads | 2024-11-21 | 9.6 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. | ||||
| CVE-2024-30849 | 1 Sourcecodester | 1 Complete Ecommerce Site | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. | ||||
| CVE-2024-1600 | 2024-11-21 | N/A | ||
| A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application. | ||||
| CVE-2024-0315 | 1 Fireeye | 1 Central Management | 2024-11-21 | 6.6 Medium |
| Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process. | ||||
| CVE-2023-52325 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | ||||
| CVE-2023-4195 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-11-21 | 8.8 High |
| PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | ||||
| CVE-2023-31718 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High |
| FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. | ||||
| CVE-2023-31716 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High |
| FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log | ||||
| CVE-2023-23565 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. | ||||
| CVE-2021-22968 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
| A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration.To fix this, a check for allowed file extensions was added before downloading files to a tmp directory.Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:NThis fix is also in Concrete version 9.0.0 | ||||
| CVE-2021-21804 | 1 Advantech | 1 R-seenet | 2024-11-21 | 9.8 Critical |
| A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. | ||||
| CVE-2020-5295 | 1 Octobercms | 1 October | 2024-11-21 | 4.8 Medium |
| In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | ||||
| CVE-2020-13175 | 1 Teradici | 2 Cloud Access Connector, Cloud Access Connector Legacy | 2024-11-21 | 7.5 High |
| The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. | ||||
| CVE-2019-5479 | 1 Larvit | 1 Larvitbase | 2024-11-21 | 7.5 High |
| An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). | ||||
| CVE-2017-14095 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | N/A |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | ||||
| CVE-2016-6565 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | N/A |
| The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). | ||||
| CVE-2015-6461 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-11-21 | N/A |
| Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. | ||||
| CVE-2014-9186 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | N/A |
| A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | ||||
| CVE-2024-52428 | 1 Scripteo | 2 Ads Booster, Ads Booster By Ads Pro | 2024-11-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12. | ||||