Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Sql-ledger Sql-ledger 2.8.24
760
VMScore
CVE-2014-4644
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Cacti Superlinks 1.4-2
2 EDB exploits
NA
CVE-2023-40630
Unauthenticated LFI/SSRF in JCDashboards component for Joomla.
Joomcode Jcdashboard
891
VMScore
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the L...
Sysaid Sysaid
668
VMScore
CVE-2022-23167
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.
Amodat Amodat
NA
CVE-2023-6020
LFI in Ray's /static/ directory allows malicious users to read any file on the server without authentication.
Ray Project Ray -
2 Articles
NA
CVE-2021-24566
The WooCommerce Currency Switcher FOX WordPress plugin prior to 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
Pluginus Fox - Currency Switcher Professional For Woocommerce
NA
CVE-2023-37601
Office Suite Premium v10.9.1.42602 exists to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.
Mobisystems Office Suite 10.9.1.42602
NA
CVE-2024-1644
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
578
VMScore
CVE-2022-29445
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
Wow-estore Popup Box
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »