Tag

File-Inclusion

3 briefs RSS

Yii 2 Local File Inclusion via View Parameter Name Collision (CVE-2026-39850)

A local file inclusion vulnerability (CVE-2026-39850) exists in Yii 2 versions prior to 2.0.55 due to the `View::renderPhpFile()` method's handling of the `_file_` parameter, allowing attackers to read arbitrary files and potentially achieve remote code execution if they can write PHP files.

yii2 lfi file-inclusion php cloud

2r 1t May 11, 2026

high advisory

SourceCodester Leave Application System 1.0 File Inclusion Vulnerability (CVE-2026-5210)

2 rules 1 TTP 1 CVE 1 IOC

SourceCodester Leave Application System 1.0 is vulnerable to remote file inclusion (CVE-2026-5210) due to improper handling of the 'page' argument, potentially allowing attackers to execute arbitrary code.

cve-2026-5210 file-inclusion web-application

2r 1t 1c 1i Mar 31, 2026

high advisory

SmarterTools SmarterMail Local File Inclusion Vulnerability (CVE-2026-7807)

2 rules 1 TTP 1 CVE

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint (CVE-2026-7807) that allows authenticated users to read arbitrary .json files, potentially leading to credential compromise.

SmarterMail lfi file-inclusion credential-access

2r 1t 1c Jan 2, 2024