309 matches found
CVE-2008-2638
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...
Code injection
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter...
CVE-2008-2195
DeluxeBB 1.2 and earlier are affected by a static code injection vulnerability in admincp.php. The issue allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI, enabling partial impact to integrity and possibly other areas as per the CVSS metrics. No ...
CVE-2008-1860
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...
CVE-2007-6652
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...
Code injection
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this...
CVE-2007-6082
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php...
CVE-2007-6082
Direct static code injection vulnerability in Sciurus Hosting Panel, affecting acp/savenews.php (possibly version 2.0.3). The issue lets an attacker inject arbitrary PHP code via the filecontents parameter, which can be executed when accessing includes/news.php. Root cause: improper handling of f...
Code injection
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php...
CVE-2007-5772
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...
CVE-2002-2319
CVE-2002-2319 affects MySimpleNews: a static code injection vulnerability in users.php allows remote attackers to inject arbitrary PHP code and HTML via the LOGIN, DATA, and MESS parameters, which are inserted into news.php3. This indicates input handling flaws that enable arbitrary code executio...
CVE-2007-5492
SiteBar (translation module, translator.php) is affected by CVE-2007-5492: a static code injection vulnerability that lets remote authenticated users execute arbitrary PHP code via the value parameter. The issue is part of a set of related flaws in the translation module (also CVE-2007-5491, CVE-...
CVE-2007-5492
Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...
CVE-2007-2647
CVE-2007-2647 affects Monalbum 0.8.7. A static code injection vulnerability in admin/admin_configuration.php allows remote authenticated users to inject arbitrary PHP code into conf/config.inc.php by manipulating one of 28 parameters (e.g., gadm_pass, gadm_user, gcfgBase, etc.). The NVD entry doc...
CVE-2007-2371
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig...
CVE-2007-2169
Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php...
CVE-2007-2168
CVE-2007-2168 affects AimStats 3.2 and earlier. A static code injection in process.php allows remote attackers to inject PHP code into config.php via the databasehost parameter, enabling potential config tampering and partial system compromise. No remediation details are provided in the linked do...
CVE-2007-2167
The CVE-2007-2167 issue affects AimStats 3.2 and is caused by a vulnerability in process.php where the number parameter in an update action allows remote attackers to inject PHP code into config.php. This is a static code injection scenario that could enable arbitrary code execution in the PHP en...
CVE-2007-2169
CVE-2007-2169 describes a static code injection vulnerability in Mozzers SubSystem 1.0, specifically in add.php. The issue allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url fields. An earlier report suggests the add action can also be reached through a r...
Code injection
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter...