Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2024-10-28 CVE-2024-50497 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buynowdepot Advanced Online Ordering and Delivery Platform
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0.
network
low complexity
buynowdepot CWE-829
critical
9.8
2024-10-18 CVE-2024-49243 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Jonvincentmendoza Dynamic Elementor Addons
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through 1.0.0.
network
low complexity
jonvincentmendoza CWE-829
8.8
2024-10-08 CVE-2024-30092 Windows Hyper-V Remote Code Execution Vulnerability
high complexity
CWE-829
8.0
2024-09-26 CVE-2022-49038 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Synology Drive Client
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors.
local
low complexity
synology CWE-829
7.8
2024-08-30 CVE-2024-8252 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Codection Clean Login
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode.
network
low complexity
codection CWE-829
8.8
2024-08-21 CVE-2024-5762 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Zen-Cart ZEN Cart 1.5.8A
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability.
network
high complexity
zen-cart CWE-829
8.1
2024-07-22 CVE-2024-29073 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ankiweb Anki 24.04
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04.
network
low complexity
ankiweb CWE-829
6.5
2024-06-10 CVE-2024-35650 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Melapress Login Security
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0.
network
low complexity
melapress CWE-829
7.2
2024-06-04 CVE-2024-35629 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wow-Company Easy Digital Downloads 1.0.2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.
network
low complexity
wow-company CWE-829
critical
9.8
2023-12-23 CVE-2023-6971 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Backupbliss Backup Migration
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header.
network
low complexity
backupbliss CWE-829
critical
9.8