Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-37191
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
Cuppacms Cuppacms 1.0
7.5
CVSSv2
CVE-2014-4644
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Cacti Superlinks 1.4-2
2 EDB exploits
NA
CVE-2023-40630
Unauthenticated LFI/SSRF in JCDashboards component for Joomla.
Joomcode Jcdashboard
10
CVSSv2
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the L...
Sysaid Sysaid
7.5
CVSSv2
CVE-2022-23167
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.
Amodat Amodat
NA
CVE-2023-6020
LFI in Ray's /static/ directory allows malicious users to read any file on the server without authentication.
Ray Project Ray -
2 Articles
NA
CVE-2021-24566
The WooCommerce Currency Switcher FOX WordPress plugin prior to 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
Pluginus Fox - Currency Switcher Professional For Woocommerce
NA
CVE-2023-37601
Office Suite Premium v10.9.1.42602 exists to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.
Mobisystems Office Suite 10.9.1.42602
NA
CVE-2024-1644
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
7.5
CVSSv2
CVE-2022-26646
Online Banking System Protect v1.0 exists to contain a local file inclusion (LFI) vulnerability via the pages parameter.
Banking System Project Banking System 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »