| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Local File Inclusion in Solene <= 3.4 versions. |
| Unauthenticated Local File Inclusion in Getaway < 1.8 versions. |
| Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions. |
| Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions. |
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. |
| Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions. |
| Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigger an exception during plugin installation to bypass sanitization routines, causing malicious paths to be stored unsanitized and subsequently passed to include(), which combined with file upload functionality escalates to arbitrary code execution in the context of the web server user. |
| WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials. |
| The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled `tpf` POST parameter before it is used in an `include()` path in the `recover_exit()` function. This makes it possible for unauthenticated attackers to perform path traversal and include unintended local PHP files, which can lead to sensitive information exposure and, in certain deployment chains, code execution. |
| Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion.
This issue affects AcBakImzala: before v5.1.4. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion.
This issue affects Confidant: from n/a through 1.4. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion.
This issue affects Accordion FAQ: from n/a through 2.2.1. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion.
This issue affects Crafti: from n/a through 1.12. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion.
This issue affects Blueprint: from n/a before 1.1.5. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion.
This issue affects WaveRide: from n/a through 1.4. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion.
This issue affects Spin: from n/a through 1.8. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion.
This issue affects Fermentio: from n/a through 1.5.0. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion.
This issue affects Racquet: from n/a through 1.12.0. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion.
This issue affects Cookiteer: from n/a through 1.4.8. |
| When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway. |
