Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
Vertaai Modeldb -
NA
CVE-2023-1124
The Shopping Cart & eCommerce Store WordPress plugin prior to 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.
Wpeasycart Wp Easycart
NA
CVE-2023-22973
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Open-emr Openemr
445
VMScore
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an malicious user to call any php file via the /pandora_console/ajax.php ajax endpoint.
Artica Pandora Fms
445
VMScore
CVE-2017-18354
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.
Google Rendertron 1.0.0
1000
VMScore
CVE-2012-0297
The management GUI in Symantec Web Gateway 5.0.x prior to 5.0.3 does not properly restrict access to application scripts, which allows remote malicious users to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.2
4 EDB exploits
NA
CVE-2022-28741
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x
Aenrich A\\+hrd
NA
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
Gibbonedu Gibbon 25.0.00
2 Github repositories
505
VMScore
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
Php-proxy Php-proxy 3.0.3
1 EDB exploit
NA
CVE-2022-32409
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows malicious users to execute arbitrary PHP code via a crafted HTTP request.
Softwarepublico I3geo 7.0.5
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »