Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-30 | CVE-2023-45798 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Yettiesoft Vestcert 2.3.6/2.5.29 In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. | 9.8 |
| 2023-10-26 | CVE-2023-33559 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ocomon Project Ocomon 3.3/4.0 A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. | 8.8 |
| 2023-10-20 | CVE-2023-4488 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Hynotech Dropbox Folder Share 1.9.7 The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. | 9.8 |
| 2023-10-20 | CVE-2023-5523 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in M-Files web Companion 23.8 Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution | 7.8 |
| 2023-09-05 | CVE-2023-2453 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in PHP-Fusion PHPfusion There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. | 8.8 |
| 2023-08-31 | CVE-2023-31168 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Selinc Sel-5030 Acselerator Quickset 7.1.3.0 An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | 6.5 |
| 2023-08-31 | CVE-2023-31170 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Selinc Sel-5030 Acselerator Quickset 7.1.3.0 An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | 6.5 |
| 2023-07-03 | CVE-2023-36609 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ovarro products The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. | 7.2 |
| 2023-06-09 | CVE-2023-2249 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. | 8.8 |
| 2023-05-05 | CVE-2023-2551 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Bumsys Project Bumsys PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. | 8.8 |