A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. (CVSS:0.0) (Last Update:2021-10-04)

October 3rd, 2021 | File Inclusion


Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. (CVSS:5.0) (Last Update:2021-08-23)

August 12th, 2021 | File Inclusion


Improper access control vulnerability in SmartThings prior to version allows untrusted applications to cause local file inclusion in webview. (CVSS:5.0) (Last Update:2021-08-12)

August 4th, 2021 | File Inclusion


The OnAir2 WordPress theme before and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, which would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website. (CVSS:7.5) (Last Update:2021-08-27)

August 1st, 2021 | File Inclusion


The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure. (CVSS:9.0) (Last Update:2021-08-11)

July 18th, 2021 | File Inclusion


The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard. (CVSS:5.0) (Last Update:2021-07-28)

July 18th, 2021 | File Inclusion


A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. (CVSS:7.5) (Last Update:2021-07-28)

July 15th, 2021 | File Inclusion


An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well as any files accessible via Universal Naming Convention (UNC) paths. (CVSS:4.0) (Last Update:2021-07-15)

July 12th, 2021 | File Inclusion


Improper access control vulnerability in Samsung Members prior to versions in Android O(8.1) and below, and in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. (CVSS:4.6) (Last Update:2021-07-12)

July 7th, 2021 | File Inclusion