Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-12447
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.
Onkyo Tx-nr585 Firmware 1000-0000-000-0008-0000
NA
CVE-2023-6295
The SiteOrigin Widgets Bundle WordPress plugin prior to 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.
Siteorigin Siteorigin Widgets Bundle
187
VMScore
CVE-2018-14573
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage prior to 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.
Trms Tightrope Media Carousel Digital Signage
445
VMScore
CVE-2019-3737
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
Dell Avamar Data Migration Enabler Web Interface 1.0.51
Dell Avamar Data Migration Enabler Web Interface 1.0.50
NA
CVE-2023-1274
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin prior to 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI a...
Pricing Tables For Wpbakery Page Builder Project Pricing Tables For Wpbakery Page Builder
668
VMScore
CVE-2021-21804
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerabil...
Advantech R-seenet 2.4.12
445
VMScore
CVE-2021-39433
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the malicious user to read arbitrary files from the server with the permissions of the configur...
Biqs Biqsdrive
1 Github repository
NA
CVE-2022-1932
The Rezgo Online Booking WordPress plugin prior to 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file
Rezgo Rezgo Online Booking
NA
CVE-2023-49715
A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send ...
Wwbn Avideo 15fed957fb
445
VMScore
CVE-2021-33571
In Django 2.2 prior to 2.2.24, 3.x prior to 3.1.12, and 3.2 prior to 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validat...
Djangoproject Django
Fedoraproject Fedora 35
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »