Total
1137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13353 | 1 Cyberchimps | 1 Responsive Addons For Elementor | 2025-02-25 | N/A | 8.8 HIGH |
| The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-13408 | 1 Pickplugins | 1 Post Grid | 2025-02-05 | N/A | 7.5 HIGH |
| The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. | |||||
| CVE-2024-13593 | 1 Bmltenabled | 1 Meeting Map | 2025-02-04 | N/A | 7.5 HIGH |
| The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-51541 | 2024-12-05 | N/A | 8.2 HIGH | ||
| Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | |||||
| CVE-2024-6589 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 8.8 HIGH |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-36415 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.1 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-35629 | 1 Wow-company | 1 Easy Digital Downloads | 2024-11-21 | N/A | 9.6 CRITICAL |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. | |||||
| CVE-2024-0315 | 1 Fireeye | 1 Central Management | 2024-11-21 | N/A | 6.6 MEDIUM |
| Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process. | |||||
| CVE-2023-4195 | 1 Agentejo | 1 Cockpit | 2024-11-21 | N/A | 8.8 HIGH |
| PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | |||||
| CVE-2023-49084 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A | 8.0 HIGH |
| Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. | |||||
| CVE-2023-31718 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | N/A | 7.5 HIGH |
| FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. | |||||
| CVE-2023-31716 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | N/A | 7.5 HIGH |
| FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log | |||||
| CVE-2023-23565 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | N/A | 4.9 MEDIUM |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. | |||||
| CVE-2022-4606 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 9.8 CRITICAL |
| PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2024-9981 | 1 Formosasoft | 1 Ee-class | 2024-10-17 | N/A | 8.8 HIGH |
| The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | |||||
| CVE-2024-8252 | 1 Codection | 1 Clean Login | 2024-09-03 | N/A | 8.8 HIGH |
| The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-5762 | 1 Zen-cart | 1 Zen Cart | 2024-08-23 | N/A | 8.1 HIGH |
| Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the findPluginAdminPage function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-21408. | |||||