• Apache Axis2 contains a flaw that may allow a remote attacker to access arbitrary files. A remote attacker could send a specially-crafted URL request using the xsd parameter to specify a malicious file from the local system, which could allow the attacker to obtain sensitive information or execute arbitrary code on the vulnerable Web server.

• Upgrade to the latest version of Apache Axis2. This issue was fixed in Apache Axis2 version 1.4.1.

• • Apache Axis2 local file inclusion
  • Local File Inclusion Vulnerability on parsing WSDL related XSD Files

• 

• CWE-22

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

• File Inclusion

• WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)
• Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4)
• WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)
• WordPress Plugin Site Editor-WordPress Site Builder-Theme Builder and Page Builder Local File Inclusion (1.1.1)
• WordPress Plugin XCloner-Backup and Restore 'config' Parameter Local File Inclusion (3.0.3)