Code injection
Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-0810
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...
Code injection
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...
CVE-2006-0810
Skate Board 0.9 is affected by CVE-2006-0810 via a PHP code injection vulnerability in config.php. Remote authenticated administrators can modify variables in config.php, potentially enabling arbitrary PHP code execution. This is described as a vulnerability in Skate Board 0.9 related to config.p...
Directory traversal
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/secstageinstall.php, (4) install/thirdstageinstall.php, and (5)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...
CVE-2006-0183
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...
CVE-2005-2893
CVE-2005-2893 affects PBLang 4.65 (and possibly earlier). The vulnerability is a direct static code injection in setcookie.php where the username parameter (u) is directly injected into a file that is later executed upon login, enabling remote code execution. The available sources identify the vu...