CVE-2015-6461

MEDIUM Year: 2015
CVSS v3 Score
5.4
Medium
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-98
View all →

Vulnerability Description

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.

Related Vulnerabilities

CVE-2024-52386

MEDIUM
CVSS:5.3(Medium)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing al...

CWE-982024

CVE-2023-49031

MEDIUM
CVSS:5.1(Medium)

Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a cra...

CWE-982023

CVE-2020-5295

MEDIUM
CVSS:4.9(Medium)

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is...

CWE-982020

CVE-2023-23565

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.

CWE-982023

CVE-2021-29113

MEDIUM
CVSS:4.7(Medium)

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.

CWE-982021

CVE-2024-4359

MEDIUM
CVSS:6.5(Medium)

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and includ...

CWE-982024