CVE-2021-39433

A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. (CVSS:0.0) (Last Update:2021-10-04)

October 3rd, 2021 | File Inclusion

CVE-2021-37348

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. (CVSS:5.0) (Last Update:2021-08-23)

August 12th, 2021 | File Inclusion

CVE-2021-25447

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. (CVSS:5.0) (Last Update:2021-08-12)

August 4th, 2021 | File Inclusion

CVE-2021-24472

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, which would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website. (CVSS:7.5) (Last Update:2021-08-27)

August 1st, 2021 | File Inclusion

CVE-2021-24453

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure. (CVSS:9.0) (Last Update:2021-08-11)

July 18th, 2021 | File Inclusion

CVE-2021-24447

The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard. (CVSS:5.0) (Last Update:2021-07-28)

July 18th, 2021 | File Inclusion

CVE-2021-21804

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. (CVSS:7.5) (Last Update:2021-07-28)

July 15th, 2021 | File Inclusion

CVE-2021-36123

An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well as any files accessible via Universal Naming Convention (UNC) paths. (CVSS:4.0) (Last Update:2021-07-15)

July 12th, 2021 | File Inclusion

CVE-2021-25438

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. (CVSS:4.6) (Last Update:2021-07-12)

July 7th, 2021 | File Inclusion