Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1771 | 1 Shinecommerce | 1 Traveler | 2025-03-28 | N/A | 9.8 CRITICAL |
| The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | |||||
| CVE-2024-9193 | 1 Whmpress | 1 Whmcs | 2025-03-25 | N/A | 9.8 CRITICAL |
| The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. Utilizing the /admin/services.php file, this can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-21687 | 1 Atlassian | 1 Bamboo | 2025-03-14 | N/A | 8.1 HIGH |
| This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the contents of a local file, or execute a different files already stored locally on the server which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Server from the download center (https://www.atlassian.com/software/bamboo/download-archives). This vulnerability was reported via our Bug Bounty program. | |||||
| CVE-2024-34314 | 1 Cmseasy | 1 Cmseasy | 2025-03-14 | N/A | 4.9 MEDIUM |
| CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | |||||
| CVE-2023-24217 | 1 Agilebio | 1 Electronic Lab Notebook | 2025-03-06 | N/A | 8.8 HIGH |
| AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. | |||||
| CVE-2024-13353 | 1 Cyberchimps | 1 Responsive Addons For Elementor | 2025-02-25 | N/A | 8.8 HIGH |
| The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-13408 | 1 Pickplugins | 1 Post Grid | 2025-02-05 | N/A | 7.5 HIGH |
| The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. | |||||
| CVE-2024-13593 | 1 Bmltenabled | 1 Meeting Map | 2025-02-04 | N/A | 7.5 HIGH |
| The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-51541 | 2024-12-05 | N/A | 8.2 HIGH | ||
| Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | |||||
| CVE-2024-6589 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 8.8 HIGH |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-36415 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.1 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-35629 | 1 Wow-company | 1 Easy Digital Downloads | 2024-11-21 | N/A | 9.6 CRITICAL |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. | |||||
| CVE-2024-0315 | 1 Fireeye | 1 Central Management | 2024-11-21 | N/A | 6.6 MEDIUM |
| Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process. | |||||
| CVE-2023-4195 | 1 Agentejo | 1 Cockpit | 2024-11-21 | N/A | 8.8 HIGH |
| PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | |||||
| CVE-2023-49084 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A | 8.0 HIGH |
| Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. | |||||
| CVE-2023-31718 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | N/A | 7.5 HIGH |
| FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. | |||||
| CVE-2023-31716 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | N/A | 7.5 HIGH |
| FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log | |||||
| CVE-2023-23565 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | N/A | 4.9 MEDIUM |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. | |||||
| CVE-2022-4606 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 9.8 CRITICAL |
| PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2024-9981 | 1 Formosasoft | 1 Ee-class | 2024-10-17 | N/A | 8.8 HIGH |
| The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | |||||