Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
local file inclusion vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-9618
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
Gracemedia Media Player Project Gracemedia Media Player 1.0
1 EDB exploit
NA
CVE-2008-6222
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote malicious users to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
Joomlashowroom Pro Desk Support Center 1.0
Joomlashowroom Pro Desk Support Center 1.2
2 EDB exploits
NA
CVE-2008-6316
Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-...
Phpmygallery Phpmygallery 1.0
2 EDB exploits
NA
CVE-2007-5802
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by ...
Firewolf Technologies Synergiser
2 EDB exploits
NA
CVE-2008-6317
Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be t...
Phpmygallery Phpmygallery 1.5
2 EDB exploits
7.5
CVSSv3
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin up to and including 1.1.1 for WordPress allows remote malicious users to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path tra...
Siteeditor Site Editor
1 EDB exploit
4 Github repositories
8.8
CVSSv3
CVE-2018-12613
An issue exists in phpMyAdmin 4.8.x prior to 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pa...
Phpmyadmin Phpmyadmin
3 EDB exploits
17 Github repositories
NA
CVE-2009-3702
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote malicious users to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leverage...
Php-calendar Php-calendar 1.1
2 EDB exploits
8.6
CVSSv3
CVE-2018-16288
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
Lg Supersign Cms 2.5
1 EDB exploit
NA
CVE-2013-5756
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
Yealink Sip-t38g -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »