Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-30 | CVE-2019-15839 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Shaosina Sina Extension for Elementor The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | 7.5 |
| 2019-07-14 | CVE-2019-13589 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Anjlab Paranoid2 1.1.6 The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 9.8 |
| 2019-07-11 | CVE-2019-4263 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. | 4.3 |
| 2019-04-29 | CVE-2019-11591 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Web-Dorado Contact Form The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
| 2019-04-29 | CVE-2019-11590 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in 10Web Form Maker The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
| 2019-03-15 | CVE-2019-9829 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Maccms 10.0 Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. | 8.8 |
| 2018-12-20 | CVE-2018-17246 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. | 9.8 |
| 2018-11-28 | CVE-2018-12120 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nodejs Node.Js Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. | 8.1 |
| 2018-10-29 | CVE-2018-18387 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Playsms Project Playsms playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. | 8.8 |
| 2018-09-07 | CVE-2018-15486 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Kone Group Controller Firmware An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. | 9.1 |