Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-37601
Office Suite Premium v10.9.1.42602 exists to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.
Mobisystems Office Suite 10.9.1.42602
9.8
CVSSv3
CVE-2022-26646
Online Banking System Protect v1.0 exists to contain a local file inclusion (LFI) vulnerability via the pages parameter.
Banking System Project Banking System 1.0
5.3
CVSSv3
CVE-2021-26031
An issue exists in Joomla! 3.0.0 up to and including 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
7.2
CVSSv3
CVE-2022-29447
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
Wow-company Hover Effects
4.9
CVSSv3
CVE-2022-29448
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress.
Wow-estore Herd Effects
7.5
CVSSv3
CVE-2022-34121
Cuppa CMS v1.0 exists to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
Cuppacms Cuppacms 1.0
9.8
CVSSv3
CVE-2019-16246
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.
Intesync Solismed 3.3
7.5
CVSSv3
CVE-2023-6023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
Vertaai Modeldb -
7.2
CVSSv3
CVE-2023-1124
The Shopping Cart & eCommerce Store WordPress plugin prior to 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.
Wpeasycart Wp Easycart
7.5
CVSSv3
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an malicious user to call any php file via the /pandora_console/ajax.php ajax endpoint.
Artica Pandora Fms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »