The exploit allows an attacker to perform local file inclusion in Jenkins version 2.441. By exploiting this vulnerability, the attacker can read arbitrary files on the target system. This vulnerability has been assigned CVE-2024-23897.
The WordPress Canto plugin before 3.0.5 is vulnerable to Remote File Inclusion (RFI) through the 'wp_abspath' parameter, allowing unauthenticated attackers to execute arbitrary remote code on the server if allow_url_include is enabled. The issue arises from the improper handling of the 'wp_abspath' variable in the 'download.php' code.
The Local File Inclusion vulnerability in WordPress WP Rocket Plugin allows an attacker to include local files from the target website, potentially exposing sensitive information like database credentials and enabling a complete database takeover. This issue was fixed in version 2.10.4.
The Canto plugin for WordPress versions up to 3.0.4 is vulnerable to Remote File Inclusion (RFI) via the 'wp_abspath' parameter. This allows unauthenticated attackers to execute arbitrary remote code on the server if allow_url_include is enabled.
The vulnerability allows an attacker to include files from a remote server, potentially leading to remote code execution or information disclosure.
The PHP-Nuke-8.1-seo-Arabic script is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file through the 'newlang' parameter in the 'mainfile.php' or the 'ThemeSel' parameter in the 'index.php' file.
The Joomla component com_universal (UWCMS Universal Web CMS) version 1.0.0 is vulnerable to remote file inclusion. The vulnerability is present in the 'config.html.php' file, where the 'mosConfig_absolute_path' parameter is not properly validated before being used in a require_once() function. An attacker can exploit this vulnerability by injecting a malicious URL in the 'mosConfig_absolute_path' parameter, allowing them to include and execute arbitrary files on the server.
The vulnerability is caused by the lack of proper sanitization of the variable $_SERVER["DOCUMENT_ROOT"] in multiple PHP files. An attacker can exploit this vulnerability by injecting a malicious file path in the DOCUMENT_ROOT parameter to execute arbitrary remote files.
Multiple vulnerabilities in Banana Dance allow for gaining access to sensitive information, performing SQL injection attacks, and compromising the vulnerable system. The PHP File Inclusion vulnerability (CVE-2012-5242) allows for arbitrary file inclusion via improper verification of input passed via the 'name' POST parameter in '/functions/ajax.php'. The Improper Access Control vulnerability (CVE-2012-5243) allows unauthenticated users to access the '/functions/suggest.php' script and read arbitrary information from the database.
The vulnerability allows an attacker to include arbitrary files from the server. By manipulating the 'wb_class_dir' parameter, an attacker can include a shell script and execute arbitrary commands on the server.