Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
local file inclusion vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an malicious user to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/hist...
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
1.9
CVSSv2
CVE-2018-15657
An SSRF issue exists in 42Gears SureMDM prior to 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
42gears Suremdm
1 EDB exploit
5
CVSSv2
CVE-2010-0799
Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote malicious users to read arbitrary files via a .. (dot dot) in the id parameter.
Perlunity Phpunity.newsmanager
1 EDB exploit
6.8
CVSSv2
CVE-2012-5386
Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is...
Nicolas Tormo Phppaleo 4.8b180
1 EDB exploit
6.8
CVSSv2
CVE-2008-6018
Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the mod parameter.
Myphpsite Myphpsite Nil
1 EDB exploit
6.8
CVSSv2
CVE-2008-1751
Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote malicious users to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters.
Ksemail Ksemail
1 EDB exploit
5
CVSSv2
CVE-2012-1790
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote malicious users to read arbitrary files via a full pathname in the file parameter to index.php.
Webgrind Project Webgrind 1.0
1 EDB exploit
5
CVSSv2
CVE-2008-2350
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 up to and including 1.0.13 allows remote malicious users to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.
Bcoos Bcoos 1.0.10
Bcoos Bcoos 1.0.12
Bcoos Bcoos 1.0.13
Bcoos Bcoos 1.0.11
Bcoos Bcoos 1.0.9
1 EDB exploit
7.5
CVSSv2
CVE-2019-9618
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
Gracemedia Media Player Project Gracemedia Media Player 1.0
1 EDB exploit
5
CVSSv2
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin up to and including 1.1.1 for WordPress allows remote malicious users to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path tra...
Siteeditor Site Editor
1 EDB exploit
4 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »