Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-14424
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated malicious users to read sensitive files via a simple HTTP Request.
Eq-3 Cux-daemon
Eq-3 Ccu2 Firmware
9.8
CVSSv3
CVE-2021-26633
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.
Maxb Maxboard
NA
CVE-2012-0297
The management GUI in Symantec Web Gateway 5.0.x prior to 5.0.3 does not properly restrict access to application scripts, which allows remote malicious users to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.2
4 EDB exploits
8.1
CVSSv3
CVE-2022-38258
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows malicious users to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request.
Dlink Dir-819 Firmware 1.06
9.8
CVSSv3
CVE-2023-39699
IceWarp Mail Server v10.4.5 exists to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows malicious users to include or execute files from the local file system of the targeted server.
Icewarp Mail Server 10.4.5
7.5
CVSSv3
CVE-2020-12447
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.
Onkyo Tx-nr585 Firmware 1000-0000-000-0008-0000
NA
CVE-2024-33860
An issue exists in Logpoint prior to 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
7.2
CVSSv3
CVE-2023-6295
The SiteOrigin Widgets Bundle WordPress plugin prior to 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.
Siteorigin Siteorigin Widgets Bundle
7.5
CVSSv3
CVE-2019-3737
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
Dell Avamar Data Migration Enabler Web Interface 1.0.51
Dell Avamar Data Migration Enabler Web Interface 1.0.50
5.5
CVSSv3
CVE-2018-14573
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage prior to 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.
Trms Tightrope Media Carousel Digital Signage
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »