CVE-2014-9185

Summary (CVE-2014-9185): Morfy CMS v1.05 contains a remote code execution vulnerability in the install.php process. The vulnerability arises because the installation logic writes a config.php file based on the POST parameter site_url, enabling an authenticated attacker to inject arbitrary PHP cod...

CVE-2014-5194

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...

CVE-2014-5194

Summary (CVE-2014-5194): Sphider 1.3.6 contains a static code injection flaw in admin/admin.php. Remote authenticated users can exploit the _word_upper_bound parameter to inject arbitrary PHP code into settings/conf.php. This is evidenced by multiple connected sources (exploit-db, packetstorm) de...

CVE-2012-6046

The CVE-2012-6046 entry concerns a static code injection in admin/banners.php of PHP Enter, allowing remote attackers to inject arbitrary PHP code into horad.php via the code parameter. Connected sources confirm the same description and indicate a high-severity impact (complete confidentiality, i...

CVE-2012-5304

Summary: CVE-2012-5304 refers to a static code injection vulnerability in the YVS Image Gallery, specifically in administration/install.php, allowing remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. The vulnerability is noted to occur when admin...

CVE-2012-5304

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/dbconnect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...

CVE-2011-5147

Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...

Code injection

Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...

CVE-2011-5147

Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...

CVE-2011-5147

CVE-2011-5147 affects FreeWebshop 2.2.9 R2 and earlier, specifically the Ajax File Manager module (tinymce plugin). The vulnerability is a static code injection in ajax_save_name.php that lets remote attackers inject arbitrary PHP into data.php via a selected document, shown by a sequence involvi...

CVE-2011-4337

The CVE affects Support Incident Tracker (SiT!) versions 3.45–3.65, where translate.php contains a static code injection flaw. An attacker can supply a crafted lang parameter to inject arbitrary PHP code into an executable language file within the i18n directory. The provided documents do not spe...

CVE-2011-4337

Static code injection vulnerability in translate.php in Support Incident Tracker aka SiT! 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable...

CVE-2011-4825

CVE-2011-4825 describes a static code injection vulnerability in the file inc/function.base.php of the Ajax File and Image Manager (used in various products). The flaw allows remote attackers to inject arbitrary PHP code into the file data.php via crafted parameters. Affected versions include Aja...

CVE-2011-4825

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...

Code injection

Static code injection vulnerability in install.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107config.php via a crafted MySQL server name...

CVE-2011-1513

The CVE-2011-1513 entry concerns e107 CMS prior to 0.7.24 where the installation script is not removed, enabling a remote attacker to inject PHP via a crafted MySQL server name and overwrite e107_config.php. Core Security’s advisory CORE-2011-0810 documents OS command injection with code executio...

CVE-2011-1513

Static code injection vulnerability in install.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107config.php via a crafted MySQL server name...

Mandriva Update for phpmyadmin MDVSA-2011:124 (phpmyadmin)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2011-2506

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...

phpMyAdmin 3.x Multiple Remote Code Executions

No description provided by source. File: libraries/auth/swekey/swekey.auth.lib.php Lines: 266-276 Patched in: 3.3.10.2 and 3.4.3.1 Type: Variable Manipulation Assigned CVE id: CVE-2011-2505 PMA Announcement-ID: PMASA-2011-5 266 if strstr$SERVER'QUERYSTRING','sessiontounset' != false 267 268...