404 matches found

NVD
added 2008/06/10 12:32 a.m., 19 views

CVE-2008-2638

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

CVSS 10, AI score 7.2, EPSS 0.05484
Exploits 0, References 5
Prion
added 2008/06/10 12:32 a.m., 11 views

Code injection

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

CVSS 10, AI score 7.8, EPSS 0.05484
Exploits 0, References 5, Affected Software 1
CVE
added 2008/06/10 12:0 a.m., 66 views

CVE-2008-2638

CVE-2008-2638 affects 1Book 1.0.1 and earlier. The vulnerability is in guestbook.php: remote attackers can upload arbitrary PHP code via the message parameter of an HTML web form, which is written to data.php. The CVSS vector (as per NVD) indicates network-based, low complexity, no auth with ...

CVSS 10, AI score 7.2, EPSS 0.05484
Exploits 0, References 5, Affected Software 1
Cvelist
added 2008/06/10 12:0 a.m., 25 views

CVE-2008-2638

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

AI score 7.2, EPSS 0.05484
Exploits 0, References 5
Prion
added 2008/05/14 5:20 p.m., 10 views

Code injection

Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS aka itcms 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter...

CVSS 10, AI score 7.8, EPSS 0.05484
Exploits 0, References 4, Affected Software 1
CVE
added 2008/05/14 5:0 p.m., 35 views

CVE-2008-2195

DeluxeBB 1.2 and earlier are affected by a static code injection vulnerability in admincp.php. The issue allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI, enabling partial impact to integrity and possibly other areas as per the CVSS metrics. No ...

CVSS 6.5, AI score 6.9, EPSS 0.03363
Exploits 0, References 4, Affected Software 1
Prion
added 2008/04/17 7:5 p.m., 11 views

Code injection

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...

CVSS 9.3, AI score 7.8, EPSS 0.05484
Exploits 0, References 5, Affected Software 1
Cvelist
added 2008/04/17 4:0 p.m., 14 views

CVE-2008-1860

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...

AI score 7.3, EPSS 0.05484
Exploits 0, References 5
Prion
added 2008/01/04 11:46 a.m., 12 views

Code injection

cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...

CVSS 7.5, AI score 8.4, EPSS 0.05793
Exploits 0, References 4, Affected Software 1
NVD
added 2008/01/04 11:46 a.m., 8 views

CVE-2007-6652

cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...

CVSS 7.5, AI score 7.8, EPSS 0.05793
Exploits 0, References 4
Prion
added 2007/12/17 6:46 p.m., 13 views

Code injection

Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this...

CVSS 7.5, AI score 7.8, EPSS 0.04515
Exploits 0, References 4, Affected Software 1
NVD
added 2007/11/22 12:46 a.m., 8 views

CVE-2007-6082

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php...

CVSS 9.3, AI score 7.3, EPSS 0.08254
Exploits 0, References 6
CVE
added 2007/11/22 12:0 a.m., 33 views

CVE-2007-6082

Direct static code injection vulnerability in Sciurus Hosting Panel, affecting acp/savenews.php (possibly version 2.0.3). The issue lets an attacker inject arbitrary PHP code via the filecontents parameter, which can be executed when accessing includes/news.php. Root cause: improper handling of f...

CVSS 9.3, AI score 7.3, EPSS 0.08254
Exploits 0, References 6, Affected Software 1
Prion
added 2007/11/05 7:46 p.m., 9 views

Code injection

Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php...

CVSS 7.5, AI score 7.9, EPSS 0.10493
Exploits 0, References 8, Affected Software 1
Cvelist
added 2007/11/01 4:4 p.m., 15 views

CVE-2007-5772

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...

AI score 7, EPSS 0.03277
Exploits 0, References 3
CVE
added 2007/10/26 7:0 p.m., 32 views

CVE-2002-2319

CVE-2002-2319 affects MySimpleNews: a static code injection vulnerability in users.php allows remote attackers to inject arbitrary PHP code and HTML via the LOGIN, DATA, and MESS parameters, which are inserted into news.php3. This indicates input handling flaws that enable arbitrary code executio...

CVSS 7.5, AI score 7.5, EPSS 0.04241
Exploits 1, References 3, Affected Software 1
CVE
added 2007/10/17 7:0 p.m., 67 views

CVE-2007-5492

SiteBar (translation module, translator.php) is affected by CVE-2007-5492: a static code injection vulnerability that lets remote authenticated users execute arbitrary PHP code via the value parameter. The issue is part of a set of related flaws in the translation module (also CVE-2007-5491, CVE-...

CVSS 4.6, AI score 7.1, EPSS 0.01587
Exploits 1, References 11, Affected Software 1
Cvelist
added 2007/10/17 7:0 p.m., 18 views

CVE-2007-5492

Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...

AI score 7.1, EPSS 0.01587
Exploits 1, References 11
Prion
added 2007/05/14 9:19 p.m., 8 views

Code injection

Static code injection vulnerability in admin/adminconfiguration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadmpass, (2) gadmuser, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassementrep, (7) gcontour, (8) gfond, (9)...

CVSS 6.5, AI score 7.3, EPSS 0.12579
Exploits 1, References 7, Affected Software 1
CVE
added 2007/05/14 9:0 p.m., 40 views

CVE-2007-2647

CVE-2007-2647 affects Monalbum 0.8.7. A static code injection vulnerability in admin/admin_configuration.php allows remote authenticated users to inject arbitrary PHP code into conf/config.inc.php by manipulating one of 28 parameters (e.g., gadm_pass, gadm_user, gcfgBase, etc.). The NVD entry doc...

CVSS 6.5, AI score 6.9, EPSS 0.12579
Exploits 1, References 7, Affected Software 1