CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

CVE-2007-2141

CVE-2007-2141 affects ShoutPro 1.5.2 and is a Direct static code injection vulnerability in shoutbox.php. An attacker can inject arbitrary PHP code into shouts.php via the shout parameter, enabling remote code execution. The underlying root cause is unsanitized input handling in shoutbox.php, lea...

CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

CVE-2007-2148

CVE-2007-2148 affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier, with a vulnerability in admin/save.php. The issue allows remote authenticated administrators to inject PHP code into .html files via the html parameter; the injected code is then executed when index.php is requested (demo...

CVE-2007-2092

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2007-2092

Vulnerability summary (CVE-2007-2092): Direct static code injection in the PHP file index.php of Limesoft Guestbook (LS Simple Guestbook). An attacker can inject arbitrary PHP code into posts.txt via the name parameter, enabling code execution on the server. The issue is tied to feeding unsanitiz...

CVE-2007-1998

Direct static code injection vulnerability in HIOX Guest Book HGB 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php...

CVE-2007-1635

CVE-2007-1635 describes a static code injection in Net Portal Dynamic System (NPDS)

CVE-2007-1525

Direct static code injection vulnerability in postpost.php in Dayfox Blog dfblog 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...

Code injection

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...

CVE-2007-1394

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...

CVE-2007-1394

The CVE-2007-1394 entry concerns Flat Chat 2.0. It describes a direct static code injection vulnerability in startsession.php, where the Chat Name field is inserted into online.txt and subsequently included by users.php. The root cause is unsafely incorporating user-provided input into executable...

CVE-2007-1073

CVE-2007-1073 involves a static code injection in mcRefer’s install.php. The bgcolor parameter is inserted into mcrconf.inc.php, enabling remote PHP code execution. The vulnerability affects install.php in mcRefer and can lead to complete compromise of affected systems. The available documents do...

Code injection

Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via 1 a REMOTEADDR cookie or 2 a cookie specifying an element of the msg array with an error number in the first...

CVE-2007-0639

GuppY 4.5.16 and earlier is affected by multiple static code injection vulnerabilities in error.php that let remote attackers inject arbitrary PHP code into a data/.inc file via cookies (REMOTE_ADDR or msg[...] with an error dimension). Exploitation would impact confidentiality, integrity, and av...

Code injection

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php...

CVE-2007-0115

CVE-2007-0115 affects Coppermine Photo Gallery 1.4.10 and earlier. The vulnerability is a static code injection that lets remote authenticated administrators run arbitrary PHP code. The attack path involves injecting PHP code via the Username field to login.php, which is injected into an error me...

CVE-2006-6255

Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo...

CVE-2006-6255

The CVE-2006-6255 entry concerns the NukeAI 0.0.3 Beta module for PHP-Nuke, where a vulnerability in util.php allows remote code execution. An attacker can upload and execute arbitrary PHP code by supplying a filename with a .php extension in the filename parameter and code in the moreinfo parame...

CVE-2006-5837

CVE-2006-5837 describes a static code injection in the SimpleChat 1.0.0 module for iWare Professional CMS. The vulnerability resides in chat_panel.php, allowing remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter. The CVSSv2 vector is AV:N/AC:L/Au:N/C:P/I:P/A:P w...