Skip to main content

LFI

1172 CVEs technique

Monthly

CVE-2020-5295 PHP MEDIUM POC PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure LFI PHP October
NVD GitHub Exploit-DB
CVSS 3.1
4.9
EPSS
7.4%
CVE-2019-5479 npm HIGH POC PATCH This Week

An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP LFI RCE Larvitbase
NVD
CVSS 3.1
7.5
EPSS
1.3%
EPSS 7% CVSS 4.9
MEDIUM POC PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure LFI PHP +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP LFI RCE +1
NVD
Prev Page 14 of 14

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy