707 matches found
PT-2007-3782 · Pixaria · Pixaria Gallery
Name of the Vulnerable Software and Affected Versions: Pixaria Gallery versions prior to 1.4.3 Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the cfgsysbase path parameter to scripts such as psg.smarty.lib.php and certain include and...
CVE-2007-2329
PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abspatheditor parameter to library/editor/editor.php, or (3) the cfgfiletoload parameter to...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to comarticles.php in (1) components/ or (2) classes/html/...
PT-2007-3439 · Openconcept · Openconcept Back-End Cms
Name of the Vulnerable Software and Affected Versions: OpenConcept Back-End CMS version 0.4.7 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the includes path parameter to various PHP files, including "click.php" and "pollcollector.php" in the htdocs...
CVE-2007-2049
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module comcalendar 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to (1) comcalendar.php or (2) modcalendar.php...
CVE-2007-1987
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pluginfile parameter to smarty/internals/core.loadpulgins.php or the (2) rootpath parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs...
CVE-2006-7115
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php...
CVE-2006-7130
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter, a different vector than CVE-2006-6770...
PT-2007-1294 · Jobline · Jobline
Name of the Vulnerable Software and Affected Versions: Jobline version 1.1.1 Description: A remote file inclusion issue exists, allowing remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in the admin.jobline.php script. Recommendations: For Jobline...
CVE-2007-0584
CVE-2007-0584 affects the PhP Generic Library & Framework for comm (G-neric) via the file membres/membreManager.php. The vulnerability is a remote file inclusion that allows an attacker to place a URL in the include_path parameter, leading to remote code execution on the affected system. Document...
PT-2007-1732 · Naig · Naig
Name of the Vulnerable Software and Affected Versions: Naig versions 0.5.2 and earlier Description: A remote file inclusion issue in index.php allows remote attackers to execute arbitrary PHP code via a URL in the this path parameter. However, a reliable third party disputes this issue, stating...
CVE-2006-6232
CVE-2006-6232 describes a PHP remote file inclusion vulnerability in DreamAccount 3.1, affecting admin/index.php via a URL in the path parameter. The underlying issue is a RFI in the path handling, allowing an attacker to execute arbitrary PHP code on the server. Documented impact is partial conf...
PT-2006-6801 · Active Php · Active Php Bookmarks
Name of the Vulnerable Software and Affected Versions: Active PHP Bookmarks version 1.1.02 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the APB SETTINGS'apb path' parameter in (1) apb common.php or (2) apb.php. However, it is noted that the PHP scripts exi...
PT-2006-6481 · Unknown · Advanced Guestbook
Name of the Vulnerable Software and Affected Versions: Advanced Guestbook version 2.3.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the include path parameter in the admin.php file. Recommendations: For Advanced Guestbook version 2.3.1, consider...
PT-2006-6422 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 1.5.3.2 Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via several parameters in different PHP files, including the section parameter in "documentation/common/frame toc.php" a...
CVE-2006-5543
PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
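MCGalleryPRO random2.php remote file inclusion vulnerability
mcGalleryPRO is an image collection management program. The random2.php file in mcGalleryPRO does not properly filter input to the pathtofolder parameter, allowing attackers to execute PHP code by including arbitrary files from local or external resources. The vulnerable code in random2.php is as follows: if (!empty($_SERVER)) extract($_SERVER, EXTR_OVERWRITE); if (!empty($_GET)) extract($_GET, EXTR_OVERWRITE); if (!empty($_POST)) extract($_POST, EXTR_OVERWRITE); if (!empty($_COOKIE)) extract($_COOKIE,...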
PT-2006-6178 · Hinton Design · Phpht Topsites
Name of the Vulnerable Software and Affected Versions: Hinton Design phpht Topsites (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpht real path parameter to certain scripts, including (1) 'index.php', (2) other scripts ...