| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions. |
| Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions. |
| CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11. |
| Unauthenticated Local File Inclusion in Quirky <= 1.23 versions. |
| Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions. |
| Unauthenticated Local File Inclusion in Granola <= 1.13 versions. |
| Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions. |
| Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions. |
| Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions. |
| Unauthenticated Local File Inclusion in Right Way <= 4.0 versions. |
| Unauthenticated Local File Inclusion in Gat <= 1.16 versions. |
| Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions. |
| Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions. |
| Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions. |
| Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. |
| Unauthenticated Local File Inclusion in Etude <= 1.6 versions. |
| Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. |
| Unauthenticated Local File Inclusion in Gamic <= 1.15 versions. |
| Unauthenticated Local File Inclusion in Resurs <= 1.3 versions. |
| Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions. |