| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Local File Inclusion in Grecko <= 5.17 versions. |
| Unauthenticated Local File Inclusion in WineShop <= 3.17 versions. |
| Unauthenticated Local File Inclusion in Choreo <= 1.6 versions. |
| Unauthenticated Local File Inclusion in Eros <= 1.3 versions. |
| Unauthenticated Local File Inclusion in Spike <= 1.2 versions. |
| Unauthenticated Local File Inclusion in ITactics <= 1.0 versions. |
| Unauthenticated Local File Inclusion in Solene <= 3.4 versions. |
| Unauthenticated Local File Inclusion in Getaway < 1.8 versions. |
| Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions. |
| Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions. |
| Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. |
| Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. |
| Unauthenticated Local File Inclusion in Malmö <= 2.2 versions. |
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. |
| Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions. |
| Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigger an exception during plugin installation to bypass sanitization routines, causing malicious paths to be stored unsanitized and subsequently passed to include(), which combined with file upload functionality escalates to arbitrary code execution in the context of the web server user. |
| WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials. |
| The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled `tpf` POST parameter before it is used in an `include()` path in the `recover_exit()` function. This makes it possible for unauthenticated attackers to perform path traversal and include unintended local PHP files, which can lead to sensitive information exposure and, in certain deployment chains, code execution. |
| Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion.
This issue affects AcBakImzala: before v5.1.4. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion.
This issue affects Confidant: from n/a through 1.4. |