404 matches found
Code injection
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...
CVE-2009-1512
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php...
Code injection
Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1url, (2) fav1name, (3) fav2url, (4) fav2name, (5) fav3url, (6) fav3name, (7) fav4url, (8) fav4nam...
CVE-2008-6773
The CVE-2008-6773 entry concerns YourPlace 1.0.2 and earlier, where a static code injection flaw in user/internettoolbar/edit.php allows remote authenticated users to execute arbitrary PHP via 10 fav parameters, resulting in partial impact to confidentiality, integrity, and availability. The root...
CVE-2008-6773
Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1url, (2) fav1name, (3) fav2url, (4) fav2name, (5) fav3url, (6) fav3name, (7) fav4url, (8) fav4nam...
CVE-2009-1463
Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file...
Code injection
Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file...
Code injection
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter aka the Database Name field. NOTE: the installation instructions specify deleting admin/install.php...
CVE-2009-1463
The CVE-2009-1463 entry affects razorCMS prior to version 0.4. The issue is a static code injection flaw that lets remote attackers save content as a .php file, enabling arbitrary PHP execution on affected pages. The underlying cause is improper handling of content/file saves that allows code to ...
CVE-2008-6761
CVE-2008-6761 affects Flexcustomer 0.0.6 and is a static code injection vulnerability in admin/install.php that enables remote attackers to inject arbitrary PHP into const.inc.php via the installdbname parameter (Database Name field). The issue stems from admin/install.php and installation notes ...
CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
Code injection
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
CVE-2009-1285
phpMyAdmin 3.x is affected by a static code injection in the getConfigFile function (setup/lib/ConfigFile.class.php) prior to 3.1.3.2, allowing remote attackers to inject arbitrary PHP into configuration files. Documented CVSS base 7.5 (HIGH) with network access and no authentication. Remediation...
CVE-2009-1278
Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X GBX 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php...
CVE-2009-1278
Gravity Board X (GBX) 2.0 BETA has a static code injection in forms/ajax/configure.php that allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. Affected: GBX 2.0 BETA; vulnerable file: forms/ajax/configure.php. Root cause: configuration work...
CVE-2008-6651
The CVE-2008-6651 entry covers a static code injection in OxYProject OxYBox 0.85, specifically in edithistory.php. The vulnerability arises because an attacker can inject arbitrary PHP code into oxyhistory.php through the oxymsg parameter, enabling remote code execution. The affected component is...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-6133)
This update of phpMyAdmin fixes multiple vulnerabilities:
- CVE-2009-1148: directory traversal
- CVE-2009-1149: CRLF injection
- CVE-2009-1150: cross-site scripting
- CVE-2009-1151: static code injection
(C) Tenable Network Security, Inc. The descriptive text and package checks...
Code injection
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action...