The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attack...
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HT...