bubbling library v1.32 is vulnerable to multiple Local File Inclusion vulnerabilities. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The attacker can include a local file on the server by using the vulnerable parameters page, tpl, uri, etc. This can lead to the disclosure of sensitive information such as system and application data, and may lead to further attacks.
Liquid-Silver CMS is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to read and execute arbitrary files on the server. The attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious input to the vulnerable application. The attacker can use the 'update' parameter to read and execute arbitrary files on the server. The attacker does not need to specify the file extension in the request.
Lama Software kostenlos is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Small Axe Weblog 0.3.1 is vulnerable to a remote file include vulnerability. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'cfile' parameter of the 'linkbar.php' script. An attacker can exploit this vulnerability by sending a malicious URL in the 'cfile' parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.
Gradman <= 0.1.3 is vulnerable to a Local File Inclusion vulnerability. This vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable server. By exploiting this vulnerability, an attacker can gain access to sensitive information such as the /etc/passwd file. The vulnerable parameter is the 'tabla' parameter in the 'info.php' script.
A vulnerability exists in Mini File Host version 1.2 which allows an attacker to include local files on the server. This is done by manipulating the 'language' parameter in the 'upload.php' script. An attacker can exploit this vulnerability to include arbitrary files from the server, such as configuration files containing database credentials, or even to execute arbitrary code.
Gradman is vulnerable to a local file inclusion vulnerability. This vulnerability is caused due to the improper validation of user-supplied input in the 'tabla' parameter of the 'agregar_info.php' script. An attacker can exploit this vulnerability to include arbitrary local files from the web server and execute arbitrary code on the vulnerable system.
Aria has Local File Include vulnerability in page arias/help/effect.php. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a specially crafted URL to the vulnerable server. The URL contains the page parameter with the value of the file to be included.
vcart version 3.3.2 is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
DomPHP v0.81 is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a maliciously crafted URL with a malicious file as a parameter. The malicious file is then included and executed on the vulnerable server.
Services By CQR