Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file inclusion vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
Deltek Maconomy 2.2.5
1 EDB exploit
9.8
CVSSv3
CVE-2019-9618
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
Gracemedia Media Player Project Gracemedia Media Player 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2014-9186
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution...
Honeywell Experion Process Knowledge System
9.8
CVSSv3
CVE-2019-6714
An issue exists in BlogEngine.NET up to and including 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is espe...
Blogengine Blogengine.net
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2018-17246
Kibana versions prior to 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitra...
Elastic Kibana
Redhat Openshift Container Platform 3.11
4 Github repositories
9.8
CVSSv3
CVE-2018-19410
PRTG Network Monitor prior to 18.2.40.1683 allows remote unauthenticated malicious users to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /...
Paessler Prtg Network Monitor
2 Github repositories
9.8
CVSSv3
CVE-2018-16283
The Wechat Broadcast plugin 1.2.0 and previous versions for WordPress allows Directory Traversal via the Image.php url parameter.
Wechat Brodcast Project Wechat Brodcast
1 EDB exploit
3 Github repositories
9.8
CVSSv3
CVE-2018-15484
An issue exists on KONE Group Controller (KGC) devices prior to 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.
Kone Group Controller Firmware
9.8
CVSSv3
CVE-2016-9482
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel
Jqueryform Php Formmail Generator -
9.8
CVSSv3
CVE-2016-9483
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclu...
Jqueryform Php Formmail Generator -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »