
1622 matches found

Prion
added 2007/01/25 12:28 a.m. | 11 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used...

7.5 CVSS | 7.7 AI score | 0.01059 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2007/01/25 12:28 a.m. | 11 views

CVE-2007-0485

PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter...

7.5 CVSS | 7.5 AI score | 0.07181 EPSS
Exploits: 0 | References: 6
NVD
added 2007/01/25 12:28 a.m. | 10 views

CVE-2007-0486

Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in (1) the phpAdsgeoPlugin parameter to libraries/lib-remotehost.inc, (2) the filename parameter to admin/report-index, or (3) the phpAdsconfigmyfooter...

7.5 CVSS | 7.6 AI score | 0.01507 EPSS
Exploits: 0 | References: 6
Prion
added 2007/01/25 12:28 a.m. | 13 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in (1) the phpAdsgeoPlugin parameter to libraries/lib-remotehost.inc, (2) the filename parameter to admin/report-index, or (3) the phpAdsconfigmyfooter...

7.5 CVSS | 7.8 AI score | 0.01507 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2007/01/25 12:0 a.m. | 12 views

CVE-2007-0487

PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used...

7.5 AI score | 0.01059 EPSS
Exploits: 0 | References: 3
Prion
added 2007/01/19 11:28 p.m. | 8 views

Unrestricted file upload

Unrestricted file upload vulnerability in index.php in phpBP RC3 2.204 and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an imageform parameter specifying a multiple-extension filename...

7.5 CVSS | 8.3 AI score | 0.00991 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2007/01/19 11:28 p.m. | 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in libraries/grabglobals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the incdir parameter...

7.5 CVSS | 8 AI score | 0.06242 EPSS
Exploits: 4 | References: 5 | Affected Software: 1
Prion
added 2007/01/19 1:28 a.m. | 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...

7.5 CVSS | 8 AI score | 0.10171 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2007/01/17 11:28 a.m. | 12 views

CVE-2007-0298

PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter...

6.8 CVSS | 7.5 AI score | 0.16513 EPSS
Exploits: 1 | References: 10
Prion
added 2007/01/16 11:28 p.m. | 17 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. NOTE: a reliable third party disputes this vulnerability because thispath is defined before use...

7.5 CVSS | 7.8 AI score | 0.01718 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2007/01/11 2:0 a.m. | 16 views

CVE-2007-0190

PHP remote file inclusion vulnerability in editaddress.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter...

7.5 AI score | 0.03149 EPSS
Exploits: 0 | References: 5
NVD
added 2007/01/09 2:28 a.m. | 9 views

CVE-2007-0115

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php...

6 CVSS | 7.5 AI score | 0.01111 EPSS
Exploits: 1 | References: 5
Cvelist
added 2007/01/05 11:0 a.m. | 9 views

CVE-2006-6887

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/widged.php aka the WidgEd plugin, a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is...

7.3 AI score | 0.02972 EPSS
Exploits: 0 | References: 1
CVE
added 2007/01/05 11:0 a.m. | 40 views

CVE-2006-6887

The CVE-2006-6887 entry describes an unrestricted file upload vulnerability in logahead UNU 1.0 (before 2006-12-26) allowing remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (WidgEd plugin). The root cause is suggested as a po...

6.8 CVSS | 7.4 AI score | 0.02972 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2007/01/04 11:28 a.m. | 10 views

CVE-2007-0050

PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests th...

7.5 CVSS | 7.6 AI score | 0.01679 EPSS
Exploits: 1 | References: 4
Cvelist
added 2007/01/04 11:0 a.m. | 15 views

CVE-2007-0050

PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests th...

7.6 AI score | 0.01679 EPSS
Exploits: 1 | References: 4
Cvelist
added 2007/01/04 2:0 a.m. | 14 views

CVE-2006-6856

Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit edycja operation, which is then executed via a direct request for this script...

7.2 AI score | 0.06618 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2007/01/02 12:0 a.m. | 26 views

Jinzora Multiple Script include_path Parameter Remote File Inclusion

The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The installation of Jinzora on the remote host fails to sanitize input to the 'include_path' parameter of several scripts before using it in the 'jzBackend.php' script to include PHP code. Provide...

6.8 CVSS | 6.1 AI score | 0.05558 EPSS
Exploits: 1 | References: 1
NVD
added 2006/12/31 5:0 a.m. | 11 views

CVE-2006-6856

Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit edycja operation, which is then executed via a direct request for this script...

7.5 CVSS | 7.2 AI score | 0.06618 EPSS
Exploits: 0 | References: 4
NVD
added 2006/12/31 5:0 a.m. | 8 views

CVE-2006-6887

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/widged.php aka the WidgEd plugin, a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is...

6.8 CVSS | 7.3 AI score | 0.02972 EPSS
Exploits: 0 | References: 1