Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-21804
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerabil...
Advantech R-seenet 2.4.12
7.5
CVSSv3
CVE-2021-39433
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the malicious user to read arbitrary files from the server with the permissions of the configur...
Biqs Biqsdrive
1 Github repository
6.1
CVSSv3
CVE-2022-1932
The Rezgo Online Booking WordPress plugin prior to 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file
Rezgo Rezgo Online Booking
8.8
CVSSv3
CVE-2023-49715
A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send ...
Wwbn Avideo 15fed957fb
7.5
CVSSv3
CVE-2023-6021
LFI in Ray's log API endpoint allows malicious users to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cv...
Ray Project Ray -
2 Articles
5.5
CVSSv3
CVE-2017-7282
An issue exists in Unitrends Enterprise Backup prior to 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated malicious user to read any file in the filesystem that the web ...
Unitrends Enterprise Backup
7.5
CVSSv3
CVE-2021-33571
In Django 2.2 prior to 2.2.24, 3.x prior to 3.1.12, and 3.2 prior to 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validat...
Djangoproject Django
Fedoraproject Fedora 35
6.5
CVSSv3
CVE-2023-48381
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to a...
Softnext Mail Sqr Expert
6.5
CVSSv3
CVE-2023-48382
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific syste...
Softnext Mail Sqr Expert
9.8
CVSSv3
CVE-2022-0320
The Essential Addons for Elementor WordPress plugin prior to 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated malicious users to perform Local File Inclusion attack and read arbitrary files on the serv...
Wpdeveloper Essential Addons For Elementor
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »