Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-32409
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows malicious users to execute arbitrary PHP code via a crafted HTTP request.
Softwarepublico I3geo 7.0.5
1 Github repository
NA
CVE-2024-2928
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as...
NA
CVE-2023-3279
The WordPress Gallery Plugin WordPress plugin prior to 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks
Imagely Nextgen Gallery
NA
CVE-2022-41547
Mobile Security Framework (MobSF) v0.9.2 and below exists to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows malicious users to read arbitrary files via a crafted HTTP request.
Opensecurity Mobile Security Framework
4
CVSSv2
CVE-2019-14424
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated malicious users to read sensitive files via a simple HTTP Request.
Eq-3 Cux-daemon
Eq-3 Ccu2 Firmware
7.5
CVSSv2
CVE-2021-26633
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.
Maxb Maxboard
NA
CVE-2023-1273
The ND Shortcodes WordPress plugin prior to 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks
Nicdark Nd Shortcodes
1 Github repository
NA
CVE-2022-38258
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows malicious users to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request.
Dlink Dir-819 Firmware 1.06
NA
CVE-2023-39699
IceWarp Mail Server v10.4.5 exists to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows malicious users to include or execute files from the local file system of the targeted server.
Icewarp Mail Server 10.4.5
NA
CVE-2024-33860
An issue exists in Logpoint prior to 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »