Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2928
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as...
4.9
CVSSv3
CVE-2023-3279
The WordPress Gallery Plugin WordPress plugin prior to 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks
Imagely Nextgen Gallery
NA
CVE-2012-0297
The management GUI in Symantec Web Gateway 5.0.x prior to 5.0.3 does not properly restrict access to application scripts, which allows remote malicious users to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.1
4 EDB exploits
9.8
CVSSv3
CVE-2021-26633
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.
Maxb Maxboard
6.5
CVSSv3
CVE-2019-14424
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated malicious users to read sensitive files via a simple HTTP Request.
Eq-3 Cux-daemon
Eq-3 Ccu2 Firmware
8.8
CVSSv3
CVE-2023-1273
The ND Shortcodes WordPress plugin prior to 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks
Nicdark Nd Shortcodes
1 Github repository
7.5
CVSSv3
CVE-2022-41547
Mobile Security Framework (MobSF) v0.9.2 and below exists to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows malicious users to read arbitrary files via a crafted HTTP request.
Opensecurity Mobile Security Framework
8.1
CVSSv3
CVE-2022-38258
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows malicious users to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request.
Dlink Dir-819 Firmware 1.06
9.8
CVSSv3
CVE-2023-39699
IceWarp Mail Server v10.4.5 exists to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows malicious users to include or execute files from the local file system of the targeted server.
Icewarp Mail Server 10.4.5
NA
CVE-2024-33860
An issue exists in Logpoint prior to 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »