8.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
WordPress Flexi – Guest Submit Plugin <= 4.28 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi – Guest Submit allows PHP Local File Inclusion. This issue affects Flexi – Guest Submit: from n/a through 4.28.
References
Affected products
- =<4.28
Matching in nixpkgs
pkgs.python312Packages.pyflexit
Python library for Flexit A/C units
-
nixos-unstable -
- nixpkgs-unstable 0.3
pkgs.python313Packages.pyflexit
Python library for Flexit A/C units
-
nixos-unstable -
- nixpkgs-unstable 0.3
pkgs.sbclPackages.flexi-streams
None
-
nixos-unstable -
- nixpkgs-unstable 20241012-git
pkgs.haskellPackages.flexible-unlit
A configurable reimplementation of unlit
-
nixos-unstable -
- nixpkgs-unstable 0.2013.314.0
pkgs.python312Packages.flexit-bacnet
Client BACnet library for Flexit Nordic series of air handling units
-
nixos-unstable -
- nixpkgs-unstable 2.2.3
pkgs.python313Packages.flexit-bacnet
Client BACnet library for Flexit Nordic series of air handling units
-
nixos-unstable -
- nixpkgs-unstable 2.2.3
pkgs.haskellPackages.flexible-defaults
Generate default function implementations for complex type classes
-
nixos-unstable -
- nixpkgs-unstable 0.0.3
pkgs.terraform-providers.flexibleengine
None
-
nixos-unstable -
- nixpkgs-unstable 1.46.0
pkgs.haskellPackages.flexible-numeric-parsers
Flexible numeric parsers for real-world programming languages
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.0
pkgs.home-assistant-component-tests.flexit_bacnet
Open source home automation that puts local control and privacy first
-
nixos-unstable -
- nixpkgs-unstable 2025.9.3
pkgs.python312Packages.azure-mgmt-mysqlflexibleservers
Microsoft Azure Mysqlflexibleservers Management Client Library for Python
-
nixos-unstable -
- nixpkgs-unstable 1.0.0b2
pkgs.python313Packages.azure-mgmt-mysqlflexibleservers
Microsoft Azure Mysqlflexibleservers Management Client Library for Python
-
nixos-unstable -
- nixpkgs-unstable 1.0.0b2
pkgs.python312Packages.azure-mgmt-postgresqlflexibleservers
Microsoft Azure Postgresqlflexibleservers Management Client Library for Python
-
nixos-unstable -
- nixpkgs-unstable 1.1.0
pkgs.python313Packages.azure-mgmt-postgresqlflexibleservers
Microsoft Azure Postgresqlflexibleservers Management Client Library for Python
-
nixos-unstable -
- nixpkgs-unstable 1.1.0
pkgs.tests.hooks.default-stdenv-hooks.no-broken-symlinks.pass-reflexive-symlink-absolute-allowed
None
pkgs.tests.hooks.default-stdenv-hooks.no-broken-symlinks.pass-reflexive-symlink-relative-allowed
None
pkgs.tests.stdenv.structuredAttrsByDefault.hooks.no-broken-symlinks.fail-reflexive-symlink-absolute
None
pkgs.tests.stdenv.structuredAttrsByDefault.hooks.no-broken-symlinks.fail-reflexive-symlink-relative
None
Package maintainers
-
@mmahut Marek Mahut <marek.mahut@gmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
-
@hraban Hraban Luyat <hraban@0brg.net>
-
@lukego Luke Gorrie <luke@snabb.co>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@nagy Daniel Nagy <danielnagy@posteo.de>