Explore Vulnerabilities

Explore all Exploits:

WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

The WordPress Canto plugin before 3.0.5 is vulnerable to Remote File Inclusion (RFI) through the 'wp_abspath' parameter, allowing unauthenticated attackers to execute arbitrary remote code on the server if allow_url_include is enabled. The issue arises from the improper handling of the 'wp_abspath' variable in the 'download.php' code.

Local File Inclusion in WordPress WP Rocket Plugin

The Local File Inclusion vulnerability in WordPress WP Rocket Plugin allows an attacker to include local files from the target website, potentially exposing sensitive information like database credentials and enabling a complete database takeover. This issue was fixed in version 2.10.4.

WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

The Canto plugin for WordPress versions up to 3.0.4 is vulnerable to Remote File Inclusion (RFI) via the 'wp_abspath' parameter. This allows unauthenticated attackers to execute arbitrary remote code on the server if allow_url_include is enabled.

Joomla component com_universal <= Remote File Inclusion Vulnerability exploit

The Joomla component com_universal (UWCMS Universal Web CMS) version 1.0.0 is vulnerable to remote file inclusion. The vulnerability is present in the 'config.html.php' file, where the 'mosConfig_absolute_path' parameter is not properly validated before being used in a require_once() function. An attacker can exploit this vulnerability by injecting a malicious URL in the 'mosConfig_absolute_path' parameter, allowing them to include and execute arbitrary files on the server.

Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability

The vulnerability is caused by the lack of proper sanitization of the variable $_SERVER["DOCUMENT_ROOT"] in multiple PHP files. An attacker can exploit this vulnerability by injecting a malicious file path in the DOCUMENT_ROOT parameter to execute arbitrary remote files.

Banana Dance PHP File Inclusion, Improper Access Control, and SQL Injection Vulnerabilities

Multiple vulnerabilities in Banana Dance allow for gaining access to sensitive information, performing SQL injection attacks, and compromising the vulnerable system. The PHP File Inclusion vulnerability (CVE-2012-5242) allows for arbitrary file inclusion via improper verification of input passed via the 'name' POST parameter in '/functions/ajax.php'. The Improper Access Control vulnerability (CVE-2012-5243) allows unauthenticated users to access the '/functions/suggest.php' script and read arbitrary information from the database.

Recent Exploits: