Local File Inclusion

A file inclusion vulnerability is a type of web vulnerability most commonly found in web applications that rely on a scripting runtime. It occurs when an application builds a path to executable code using an attacker-controlled variable, in a way that allows the attacker to control which file is executed at run time.


  1. https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
  2. https://en.wikipedia.org/wiki/File_inclusion_vulnerability

List of Local File Inclusion Flaws

| Status | Component Name | Version | Disclosed By | Disclosure Date | Access Level | CVE-Number |
|---|---|---|---|---|---|---|
| | wp-plugin : wp-amasin-the-amazon-affiliate-shop | 0.9.6 | Anantshri | 2014/05/29 | Unauthenticated | CVE-2014-4577 |
| | wp-plugin : cross-rss | 1.7 | Anantshri | 2014/05/29 | Unauthenticated | CVE-2014-4941 |
| | wp-plugin : tom-m8te | 1.5.3 | Anantshri | 2014/05/28 | Unauthenticated | Not Assigned |
| | wp-plugin : lastfm-rotation | 1 | Anantshri | 2014/05/28 | Unauthenticated | Not Assigned |
| | wp-plugin : bookx | 1.7 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4937 |
| | wp-plugin : Tera-chart | 0.1 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4940 |