Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
lfi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-37191
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload....
Cuppacms Cuppacms 1.0
1 Github repository available
7.5
CVSSv2
CVE-2022-23167
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED....
Amodat Amodat
4
CVSSv2
CVE-2022-29448
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress....
Wow-estore Herd Effects
10
CVSSv2
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the...
Sysaid Sysaid
7.5
CVSSv2
CVE-2022-26646
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter....
Banking System Project Banking System 1.0
NA
CVE-2023-37601
Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts....
Mobisystems Office Suite 10.9.1.42602
4
CVSSv2
CVE-2022-29447
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress....
Wow-company Hover Effects
7.5
CVSSv2
CVE-2019-16246
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution....
Intesync Solismed 3.3
4
CVSSv2
CVE-2022-29446
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress....
Wow-company Counter Box
6.5
CVSSv2
CVE-2022-29445
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress....
Wow-estore Popup Box
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
seacms
CVE-2023-28393
remote code execution
authentication bypass
open redirect
acymailing
CVE-2023-43339
CVE-2023-3664
openstack
popup builder
CVE-2023-21987
CVE-2023-21991
CVE-2023-3550
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »