309 matches found

NVD
added 2006/10/03 4:3 a.m., 11 views

CVE-2006-5131

module/shout/jafshout.php aka the shoutbox in ph03y3nk just another flat file JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "", possibly due to a static code injection vulnerability involving admin/datainc.php...

7.5 CVSS, 7.9 AI score, 0.01922 EPSS
Exploits 0, References 3
CVE
added 2006/09/29 12:0 a.m., 39 views

CVE-2006-5085

CVE-2006-5085 affects Blog Pixel Motion 2.1.1. The vulnerability is a static code injection in config.php where the nom_blog parameter is injected into include/variables.php, enabling remote attackers to execute arbitrary PHP code. The available connected documents confirm the affected software v...

7.5 CVSS, 7.8 AI score, 0.05495 EPSS
Exploits 2, References 6, Affected Software 1
Cvelist
added 2006/09/13 11:0 p.m., 17 views

CVE-2006-4768

Multiple direct static code injection vulnerabilities in addgo.php in Stefan Ernst Newsscript aka WM-News 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file...

7.5 AI score, 0.00483 EPSS
Exploits 0, References 5
OSV
added 2006/09/11 5:4 p.m., 6 views

CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php...

7.3 AI score
Exploits 0, References 8
CVE
added 2006/09/11 5:0 p.m., 67 views

CVE-2006-4674

CVE-2006-4674 concerns DokuWiki prior to 2006-03-09c. A direct static code injection flaw in the script doku.php allows remote attackers to execute arbitrary PHP code by supplying a crafted X-FORWARDED-FOR HTTP header, which is stored in config.php. The vulnerability is characterized by an attack...

7.5 CVSS, 7.3 AI score, 0.01414 EPSS
Exploits 1, References 7, Affected Software 1
CVE
added 2006/09/08 8:0 p.m., 39 views

CVE-2006-4631

The CVE refers to SoftBB 0.1 (and possibly earlier) with a vulnerability in admin/save_opt.php: Direct static code injection allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php and makes it accessible v...

6.5 CVSS, 7.8 AI score, 0.13282 EPSS
Exploits 1, References 9, Affected Software 1
NVD
added 2006/08/30 1:4 a.m., 9 views

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via (1) the User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in adminindex.php...

7.5 CVSS, 7.8 AI score, 0.00741 EPSS
Exploits 0, References 4
Cvelist
added 2006/08/30 1:0 a.m., 11 views

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via (1) the User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in adminindex.php...

7.8 AI score, 0.00741 EPSS
Exploits 0, References 4
CVE
added 2006/08/30 1:0 a.m., 38 views

CVE-2006-4451

CVE-2006-4451 affects CJ Tag Board 3.0, with a direct static code injection flaw allowing remote PHP code execution. The vulnerability arises from two input vectors: (1) the User-Agent HTTP header in tag.php (executed by all.php) and (2) the banned parameter in admin_index.php. This results in ar...

7.5 CVSS, 8.2 AI score, 0.00741 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2006/08/29 12:0 a.m., 14 views

CVE-2006-4432

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code...

7.4 AI score, 0.01415 EPSS
Exploits 0, References 7
Cvelist
added 2006/06/23 12:0 a.m., 10 views

CVE-2006-3184

Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settingsskin.asp, which is stored in incskinfile.asp...

7.2 AI score, 0.0892 EPSS
Exploits 0, References 6
Cvelist
added 2006/05/30 9:0 p.m., 16 views

CVE-2006-2667

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2)...

7.8 AI score, 0.32191 EPSS
Exploits 1, References 9
Patchstack
added 2006/05/30 12:0 a.m., 21 views

WordPress <= 2.0.2 - Direct Static Code Injection

Because of this vulnerability, attackers can execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files. Solution: Update WordPress to the latest available version (at least 2.0.3)...

7.5 CVSS, 6.1 AI score, 0.32191 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2006/05/15 4:0 p.m., 11 views

CVE-2005-4800

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a modinfo action to modifygallery.php, which inserts the code into guidinfo.php. NOTE: this...

6.9 AI score, 0.01925 EPSS
Exploits 1, References 5
Prion
added 2006/05/12 12:2 a.m., 15 views

Code injection

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

6.5 CVSS, 7.9 AI score, 0.0137 EPSS
Exploits 1, References 4, Affected Software 1
NVD
added 2006/05/12 12:2 a.m., 11 views

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

6.5 CVSS, 7.1 AI score, 0.0137 EPSS
Exploits 1, References 4
Cvelist
added 2006/05/12 12:0 a.m., 13 views

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

7.1 AI score, 0.0137 EPSS
Exploits 1, References 4
NVD
added 2006/05/01 11:2 p.m., 9 views

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

5.5 CVSS, 7.2 AI score, 0.0042 EPSS
Exploits 0, References 6
CVE
added 2006/04/20 10:0 a.m., 41 views

CVE-2006-1895

The provided data confirms CVE-2006-1895 affecting phpBB: a direct static code injection in includes/template.php allows remote authenticated users with write access to execute arbitrary PHP by modifying templates. The root causes are (1) bypassing a loose regex intended to match BEGIN/END in ove...

6.5 CVSS, 7.5 AI score, 0.00365 EPSS
Exploits 1, References 4, Affected Software 1
NVD
added 2006/03/31 11:6 a.m., 13 views

CVE-2006-1563

Direct static code injection vulnerability in config.php in vscripts aka Kuba Kunkiewicz VBook aka VBook 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included by other VBook scripts...

7.6 CVSS, 7.8 AI score, 0.00667 EPSS
Exploits 0, References 6