CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(File Inclusion)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-33408 319 File Inclusion 2021-05-27 2021-06-08
4.0
None Remote Low ??? Partial None None
Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1.
2 CVE-2021-32100 File Inclusion 2021-05-07 2021-05-14
4.0
None Remote Low ??? Partial None None
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
3 CVE-2021-31783 345 File Inclusion 2021-04-26 2021-05-04
5.0
None Remote Low Not required Partial None None
show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.
4 CVE-2021-30173 36 File Inclusion 2021-05-07 2021-05-18
4.0
None Remote Low ??? Partial None None
Local File Inclusion vulnerability of the omni-directional communication system allows remote authenticated attacker inject absolute path into Url parameter and access arbitrary file.
5 CVE-2021-27236 94 Exec Code File Inclusion 2021-02-16 2021-02-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.
6 CVE-2021-24242 22 Dir. Trav. File Inclusion 2021-04-22 2021-04-30
5.5
None Remote Low ??? Partial Partial None
The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file
7 CVE-2021-23340 22 Dir. Trav. File Inclusion 2021-02-18 2021-02-25
5.5
None Remote Low ??? Partial Partial None
This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.
8 CVE-2020-35942 352 Exec Code XSS Bypass CSRF File Inclusion 2021-02-09 2021-02-12
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
9 CVE-2020-35580 522 File Inclusion 2021-05-20 2021-05-28
5.0
None Remote Low Not required Partial None None
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
10 CVE-2020-35566 706 File Inclusion 2021-02-16 2021-02-19
5.0
None Remote Low Not required Partial None None
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion.
11 CVE-2020-23996 Exec Code File Inclusion 2021-05-13 2021-05-21
6.5
None Remote Low ??? Partial Partial Partial
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
12 CVE-2020-23161 22 Dir. Trav. File Inclusion 2021-01-26 2021-03-30
4.0
None Remote Low ??? Partial None None
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
13 CVE-2020-22474 732 File Inclusion 2021-02-22 2021-03-01
4.0
None Remote Low ??? Partial None None
In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion.
14 CVE-2020-19360 200 +Info File Inclusion 2021-01-20 2021-01-22
5.0
None Remote Low Not required Partial None None
Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.
15 CVE-2020-13550 22 Dir. Trav. File Inclusion 2021-02-17 2021-02-19
4.0
None Remote Low ??? Partial None None
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.
16 CVE-2017-17674 918 Exec Code File Inclusion 2021-05-19 2021-05-25
7.5
None Remote Low Not required Partial Partial Partial
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
Total number of vulnerabilities : 16   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.