| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp. |
| A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On. |
| Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request. |
| Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. |
| An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application. |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion. |
| PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. |
| PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. |
| Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. |
| A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. |
| Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information. |
| This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server.
This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the contents of a local file, or execute a different files already stored locally on the server which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires no user interaction.
Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE
See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Server from the download center (https://www.atlassian.com/software/bamboo/download-archives).
This vulnerability was reported via our Bug Bounty program. |
| CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. |
| AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. |
| PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. |
| Local File Inclusion vulnerabilities allow access to sensitive system information.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02 |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. |
| PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. |
| FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. |
