Vulnerabilities > Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-10436 The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function.
network
low complexity
CWE-98
8.8
2024-10-26 CVE-2024-8392 The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter.
network
low complexity
CWE-98
7.2
2024-01-15 CVE-2024-0315 PHP Remote File Inclusion vulnerability in Fireeye Central Management 9.1.1.956704
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704.
local
low complexity
fireeye CWE-98
7.8
2023-12-21 CVE-2023-49084 PHP Remote File Inclusion vulnerability in Cacti 1.2.25
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).
network
low complexity
cacti CWE-98
8.8
2023-08-06 CVE-2023-4195 PHP Remote File Inclusion vulnerability in Agentejo Cockpit
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
network
low complexity
agentejo CWE-98
8.8
2022-12-18 CVE-2022-4606 PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
network
low complexity
CWE-98
critical
9.8
2020-06-03 CVE-2020-5295 PHP Remote File Inclusion vulnerability in Octobercms October
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server.
network
low complexity
octobercms CWE-98
4.0