Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2025-04-15 CVE-2025-33026 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Peazip 9.4.0
In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability.
local
low complexity
peazip CWE-829
7.8
2025-04-15 CVE-2025-33027 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Bandisoft Bandizip
In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability.
local
low complexity
bandisoft CWE-829
7.8
2025-02-21 CVE-2024-13353 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cyberchimps Responsive Addons for Elementor
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets.
network
low complexity
cyberchimps CWE-829
8.8
2025-01-07 CVE-2024-49649 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buildapp Build APP Online
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23.
network
low complexity
buildapp CWE-829
critical
9.8
2024-12-31 CVE-2024-56216 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Themify Builder
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3.
network
low complexity
themify CWE-829
6.5
2024-10-28 CVE-2024-50497 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buynowdepot Advanced Online Ordering and Delivery Platform
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0.
network
low complexity
buynowdepot CWE-829
critical
9.8
2024-10-18 CVE-2024-49243 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Jonvincentmendoza Dynamic Elementor Addons
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through 1.0.0.
network
low complexity
jonvincentmendoza CWE-829
8.8
2024-09-26 CVE-2022-49038 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Synology Drive Client
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors.
local
low complexity
synology CWE-829
7.8
2024-08-30 CVE-2024-8252 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Codection Clean Login
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode.
network
low complexity
codection CWE-829
8.8
2024-08-21 CVE-2024-5762 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Zen-Cart ZEN Cart 1.5.8A
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability.
network
high complexity
zen-cart CWE-829
8.1