Vulnerabilities > Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

DATE CVE VULNERABILITY TITLE RISK
2024-11-21 CVE-2024-10898 The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function.
network
low complexity
CWE-98
8.8
2024-10-29 CVE-2024-10436 The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function.
network
low complexity
CWE-98
8.8
2024-10-26 CVE-2024-8392 The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter.
network
low complexity
CWE-98
7.2
2024-01-15 CVE-2024-0315 PHP Remote File Inclusion vulnerability in Fireeye Central Management 9.1.1.956704
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704.
local
low complexity
fireeye CWE-98
7.8
2023-12-21 CVE-2023-49084 PHP Remote File Inclusion vulnerability in Cacti 1.2.25
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).
network
low complexity
cacti CWE-98
8.8
2023-08-06 CVE-2023-4195 PHP Remote File Inclusion vulnerability in Agentejo Cockpit
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
network
low complexity
agentejo CWE-98
8.8
2022-12-18 CVE-2022-4606 PHP Remote File Inclusion vulnerability in Flatpress
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
network
low complexity
flatpress CWE-98
critical
9.8