Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
lfi vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-26031
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI....
7.5
CVSSv2
CVE-2019-16246
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution....
Intesync Solismed 3.3
5
CVSSv2
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint....
Artica Pandora Fms
5
CVSSv2
CVE-2017-18354
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker....
Google Rendertron 1.0.0
5
CVSSv2
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246....
Php-proxy Php-proxy 3.0.3
1 EDB exploit available
4
CVSSv2
CVE-2019-14424
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request....
Eq-3 Cux-daemon
Eq-3 Ccu2 Firmware
7.5
CVSSv2
CVE-2021-21804
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this...
Advantech R-seenet 2.4.12
5
CVSSv2
CVE-2020-12447
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow....
Onkyo Tx-nr585 Firmware 1000-0000-000-0008-0000
2.1
CVSSv2
CVE-2018-14573
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683....
Trms Tightrope Media Carousel Digital Signage
5
CVSSv2
CVE-2019-3737
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application....
Dell Avamar Data Migration Enabler Web Interface 1.0.51
Dell Avamar Data Migration Enabler Web Interface 1.0.50
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-43893
CVE-2021-44828
denial of service
XML injection
CVE-2021-44739
XML external entity
CVE-2022-20658
CVE-2021-44743
CVE-2022-23303
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »
Vulmon