78 matches found
CVE-2018-12912
HongCMS 3.0.0 contains a SQL Injection vulnerability in admin/controllers/database.php, exploitable via the request admin/index.php/database/operate?dbaction=emptytable&tablename= (URI). Public exploit/activity references show an authenticated/remote-exploit path using this parameter to inject SQ...
Arbitrary file deletion vulnerability in XiaoCms background template.php and database.php pages
Built on a PHP+MySQL architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight CMS. The XiaoCms background template.php and database.php pages contain an arbitrary file deletion vulnerability. Attackers can successfully delete files in the root directory by...
Arbitrary file deletion vulnerability in database.php of Ubiquitous 365 website classification and navigation system
Uc365 website classification and navigation system is cross-platform open source software: an open source website classification and catalog management system developed on PHP + MySQL. Uke365 website classification navigation system database.php arbitrary file deletion...
efront <= 3.5.4 (database.php path) Remote File Inclusion Vulnerability
No description provided by source. efront <= 3.5.4 Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/efrontlearning/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA file : database.php line 15...
eFront <= 3.5.4 'database.php' RFI Vulnerability
eFront is prone to a remote file inclusion (RFI) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Remote file inclusion
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow...
efront 3.5.4 Remote File Inclusion
efront <= 3.5.4 Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/efrontlearning/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA file : database.php line 15 `require_once $path.'adodb/adodb.inc.php';` 3xplo!t :...
efront <= 3.5.4 (database.php path) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. efront <= 3.5.4 (database.php path) Remote File Inclusion Vulnerability. efront <= 3.5.4 Remote File...
efront 3.5.4 - 'database.php?path' Remote File Inclusion
efront <= 3.5.4 Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/efrontlearning/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA file : database.php line 15 `require_once $path.'adodb/adodb.inc.php';` 3xplo!t :...
efront 3.5.4 - database.php?path Remote File Inclusion
efront <= 3.5.4 Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/efrontlearning/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA file : database.php line 15...
CVE-2009-2159
CVE-2009-2159 affects TorrentTrader Classic 1.09. The vulnerability is in the backup-database.php script, which does not require administrative authentication. This allows remote attackers to trigger creation and retrieval of a backup database by making a direct request and then downloading a .gz...
CVE-2007-4290
Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...
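SourceForge database.php Remote File Inclusion Vulnerability
SourceForge is an online web application that assists open source software development. SourceForge has an input validation vulnerability in how it handles user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. The include/database.php script in SourceForge does not adequately check and filter the sysdbtype variable, and a remote attacker may exploit this to make the server include and execute PHP code hosted on a remote server. sourceforge SourceForge 1.0.4 We recommend that users of this software keep an eye on the vendor's home page for the latest version:...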
CVE-2006-1097
Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php...
CVE-2006-1094
CVE-2006-1094 affects Woltlab Burning Board; the OpenVAS/NVD entries describe a SQL injection in the Database module. The vulnerable component is the Database module’s handling of the fileid parameter in info_db.php (and related database.php), which can allow remote SQL injection. The documents d...
Multiple Vulnerabilities in PHP Surveyor
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable. Summary: PHP Surveyor is vulnerable to many SQL injections, cross-site scripting issues, and path disclosures. Details:...