1599 matches found
CVE-2007-2007
CVE-2007-2007 affects admin.php in pL-PHP beta 0.9. The vulnerability allows remote attackers to bypass authentication by setting the is_admin parameter to 1, enabling unauthorized access. The NVD entry assigns a CVSS v2 base score of 7.5 (HIGH) with Network attack vector, Low attack complexity, ...
CVE-2007-2008
CVE-2007-2008 is a directory traversal vulnerability in pL-PHP beta 0.9 (admin.php) allowing remote attackers to include and execute arbitrary local files via a .. in the lang parameter. The NVD entry confirms the vulnerability and impact (partial confidentiality, integrity, and availability affe...
CVE-2007-2007
admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1...
CVE-2007-2008
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...
CVE-2007-2000
CVE-2007-2000 affects Crea-Book 1.0 and earlier. The vulnerability is multiple SQL injection flaws in admin/admin.php, exploitable via the (1) pseudo or (2) passe parameter, allowing remote attackers to run arbitrary SQL commands. The description in the connected documents confirms this vector an...
slaed-rfi.txt
By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...
Remote File Include In SLAED_CMS_2
By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...
CVE-2006-7173
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted optionnewreportwday parameter in a preferenze action, which can be later accessed via option/php-stats-options.php...
Lazarus Guestbook (admin.php) Remote File Include Exploit
Lazarus Guestbook admin.php Remote File Include Exploit D.Script: http://www.carbonize.co.uk Dork: "Powered by Lazarus Guestbook from carbonize.co.uk" Discovered by Crackman Homepage: http://www.b0rizq.biz Greetz To :B0rizq & redcasper & Draknaz kaiba & brokenproxy and all friend Exploit:...
CVE-2006-7101
The CVE-2006-7101 entry concerns PHPWind versions 5.0.1 and earlier where the admin.php component is vulnerable to SQL injection via the AdminUser cookie. The root cause is improper handling of the cookie leading to arbitrary SQL execution by remote attackers, with a high impact (base score 7.5)....
CVE-2006-7074
CVE-2006-7074 affects SmartSiteCMS 1.0. The vulnerability is in admin.php, allowing remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. The connected documents confirm the flaw but do not provide exploitation steps, a broader impact beyond a...
CVE-2006-7014
CVE-2006-7014 affects BloggIT 1.01 and earlier. The issue is that admin.php does not properly establish a user session, enabling remote attackers to gain privileges via a direct request. The available connected documents confirm the affected software and the root cause (improper session establish...
CVE-2006-7014
admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request...
CVE-2007-0835
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter...
CVE-2007-0567
Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter...
CVE-2007-0567
The CVE-2007-0567 issue is an XSS vulnerability in Interactive-Scripts.Com PHP Membership Manager 1.5, exploitable via the _p parameter in admin.php. The root cause is unsanitized input leading to injection of arbitrary script/HTML. CVSS v2 base score is 6.8 (MEDIUM) with partial impacts on confi...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the savemain operation in the adperms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...