| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. |
| Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.
This issue affects Motors: from n/a through 1.4.109. |
| WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and configuration data. |
| WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data. |
| WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files. |
| WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code. |
| WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code. |
| Unauthenticated Local File Inclusion in Geya <= 1.15 versions. |
| Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions. |
| Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions. |
| Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions. |
| Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions. |
| Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions. |
| Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions. |
| Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions. |
| Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions. |
| Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions. |
| Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions. |
| Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions. |