local file inclusion vulnerabilities and exploits

(subscribe to this query)

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and previous versions allows remote malicious users to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters i...

Libra File Manager Php Filemanager Libra File Manager Php Filemanager 1.00 Libra File Manager Php Filemanager 1.03 Libra File Manager Php Filemanager 1.05 Libra File Manager Php Filemanager 1.08 Libra File Manager Php Filemanager 1.17

1 EDB exploit

Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and previous versions allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the language parameter.

Galaxyscripts Mini File Host

2 EDB exploits

PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote malicious users to execute arbitrary PHP code via a URL in the LIBDIR parameter.

Local Calendar System Local Calendar System 1.1

1 EDB exploit

Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by ...

Awesomephp Mega File Manager 1.0

1 EDB exploit

PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote malicious users to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequenc...

Yabsoft Mega File Hosting Script 1.2

1 EDB exploit

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to ...

Advancedfilemanager Advanced File Manager

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions a...

Jonashjalmarsson Html Filter And Csv-file Search

Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modi...

Laboratory For Optical And Computational Instrumentation Local Calendar System 1.1

Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Nicolas Tormo Phppaleo

1 EDB exploit

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.

Wso2 Carbon 4.4.5

1 EDB exploit

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook