Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2024-35629 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wow-Company Easy Digital Downloads 1.0.2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion. This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.
network
low complexity
wow-company CWE-829
critical
9.8
2023-12-23 CVE-2023-6971 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Backupbliss Backup Migration
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header.
network
low complexity
backupbliss CWE-829
critical
9.8
2023-10-30 CVE-2023-45798 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Yettiesoft Vestcert 2.3.6/2.5.29
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules.
network
low complexity
yettiesoft CWE-829
critical
9.8
2023-10-26 CVE-2023-33559 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ocomon Project Ocomon 3.3/4.0
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.
network
low complexity
ocomon-project CWE-829
8.8
2023-10-20 CVE-2023-4488 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Hynotech Dropbox Folder Share 1.9.7
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file.
network
low complexity
hynotech CWE-829
critical
9.8
2023-10-20 CVE-2023-5523 Inclusion of Functionality from Untrusted Control Sphere vulnerability in M-Files web Companion 23.8
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution.
local
low complexity
m-files CWE-829
7.8
2023-09-05 CVE-2023-2453 Inclusion of Functionality from Untrusted Control Sphere vulnerability in PHP-Fusion PHPfusion
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement.
network
low complexity
php-fusion CWE-829
8.8
2023-08-31 CVE-2023-31168 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Selinc Sel-5030 Acselerator Quickset 7.1.3.0
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
network
low complexity
selinc CWE-829
6.5
2023-08-31 CVE-2023-31170 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Selinc Sel-5030 Acselerator Quickset 7.1.3.0
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
network
low complexity
selinc CWE-829
6.5
2023-07-03 CVE-2023-36609 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ovarro products
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts.
network
low complexity
ovarro CWE-829
7.2