Total: 1218 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52325 | 1 Trendmicro | 1 Apex Central | 2026-06-17 | N/A | 7.5 HIGH |
| A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-4488 | 1 Hynotech | 1 Dropbox Folder Share | 2026-06-17 | N/A | 9.8 CRITICAL |
| The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2023-4195 | 1 Agentejo | 1 Cockpit | 2026-06-17 | N/A | 8.8 HIGH |
| PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | |||||
| CVE-2023-49084 | 1 Cacti | 1 Cacti | 2026-06-17 | N/A | 8.0 HIGH |
| Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). By using the detected SQL Injection together with insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is `link.php`. The impact of the vulnerability is execution of arbitrary code on the server. | |||||
| CVE-2023-49031 | 1 Oneadvanced | 1 Tikit Emarketing | 2026-06-17 | N/A | 5.1 MEDIUM |
| Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFile endpoint. | |||||
| CVE-2023-3452 | 1 Canto | 1 Canto | 2026-06-17 | N/A | 9.8 CRITICAL |
| The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server. | |||||
| CVE-2023-31718 | 1 Frangoteam | 1 Fuxa | 2026-06-17 | N/A | 7.5 HIGH |
| FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download. | |||||
| CVE-2023-31716 | 1 Frangoteam | 1 Fuxa | 2026-06-17 | N/A | 7.5 HIGH |
| FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log | |||||
| CVE-2023-2249 | 1 Gvectors | 1 Wpforo Forum | 2026-06-17 | N/A | 8.8 HIGH |
| The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services. | |||||
| CVE-2023-26005 | | | 2026-06-17 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: from n/a through 1.3.4. | |||||
| CVE-2023-25999 | | | 2026-06-17 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a through 2.4. | |||||
| CVE-2023-25998 | | | 2026-06-17 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme: from n/a through 2.6. | |||||
| CVE-2023-25995 | | | 2026-06-17 | N/A | 7.5 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in choicehomemortgage AI Mortgage Calculator allows PHP Local File Inclusion. This issue affects AI Mortgage Calculator: from n/a through 1.0.1. | |||||
| CVE-2023-24217 | 1 Agilebio | 1 Electronic Lab Notebook | 2026-06-17 | N/A | 8.8 HIGH |
| AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. | |||||
| CVE-2023-23565 | 1 Geomatika | 1 Isigeo Web | 2026-06-17 | N/A | 4.9 MEDIUM |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. | |||||
| CVE-2022-50954 | | | 2026-06-17 | N/A | 6.2 MEDIUM |
| WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to include arbitrary files outside the intended controllers directory. | |||||
| CVE-2022-50897 | 1 Mpdf Project | 1 Mpdf | 2026-06-17 | N/A | 5.5 MEDIUM |
| mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications. | |||||
| CVE-2022-4982 | | | 2026-06-17 | N/A | N/A |
| DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC. | |||||
| CVE-2022-4606 | 1 Flatpress | 1 Flatpress | 2026-06-17 | N/A | 9.8 CRITICAL |
| PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2022-44786 | 1 Maggioli | 1 Appalti & Contratti | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application. | |||||
