1622 matches found

Prion
added 2009/04/07 2:17 p.m., 12 views

Code injection

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...

CVSS: 10, AI score: 7.8, EPSS: 0.04734
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2009/04/03 6:30 p.m., 14 views

Sql injection

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php...

CVSS: 7.5, AI score: 8.1, EPSS: 0.00829
Exploits: 1, References: 6, Affected Software: 2

Cvelist
added 2009/03/26 8:28 p.m., 15 views

CVE-2008-6530

Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file...

AI score: 7.2, EPSS: 0.04478
Exploits: 1, References: 3

CVE
added 2009/03/26 2:0 p.m., 1060 views

CVE-2009-1151

CVE-2009-1151 affects phpMyAdmin 2.11.x (before 2.11.9.5) and 3.x (before 3.1.3.1). The flaw is a static code injection in setup.php that lets a remote attacker inject arbitrary PHP code into the generated configuration file via the save action. The issue arises from insufficient validation/misco...

CVSS: 9.8, AI score: 7.5, EPSS: 0.93271
In wild, Exploits: 16, References: 16, Affected Software: 1

phpMyAdmin
added 2009/03/24 12:0 a.m., 39 views

Insufficient output sanitizing when generating configuration file.

PMASA-2009-3 Announcement-ID: PMASA-2009-3 Date: 2009-03-24 Summary Insufficient output sanitizing when generating configuration file. Description Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

CVSS: 9.8, AI score: 7.7, EPSS: 0.93271
Exploits: 16, Affected Software: 1

securityvulns
added 2009/03/24 12:0 a.m., 38 views

[SA34410] PHP Classifieds Cross-Site Scripting and File Upload Vulnerabilities

Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: Vulnerability Research Software Inspection Results Secunia Research Highlights Secunia Advisory Statistics...

AI score: 0.5
Exploits: 0

Prion
added 2009/03/18 3:30 p.m., 11 views

Remote file inclusion

PHP remote file inclusion vulnerability in slideshowuploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSrootdir parameter...

CVSS: 6.8, AI score: 8.1, EPSS: 0.00579
Exploits: 0, References: 4

Prion
added 2009/03/09 2:30 p.m., 8 views

Authentication flaw

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00356
Exploits: 0, References: 5, Affected Software: 1

Prion
added 2009/03/09 2:30 p.m., 15 views

Code injection

Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter...

CVSS: 7.5, AI score: 7.8, EPSS: 0.0407
Exploits: 1, References: 3

Cvelist
added 2009/03/09 2:0 p.m., 14 views

CVE-2008-6445

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information...

AI score: 7.1, EPSS: 0.00356
Exploits: 0, References: 5

CVE
added 2009/03/09 2:0 p.m., 40 views

CVE-2008-6445

Technical details about CVE-2008-6445 are not publicly available in the provided documents. The entries repeat generic vulnerability notes with no concrete affected versions, exploit vectors, or remediation steps.

CVSS: 7.5, AI score: 7.3, EPSS: 0.00356
Exploits: 0, References: 5, Affected Software: 1

OpenVAS
added 2009/03/02 12:0 a.m., 26 views

Mandrake Security Advisory MDVSA-2009:052 (php-smarty)

The remote host is missing an update to php-smarty announced via advisory MDVSA-2009:052. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...

CVSS: 7.5, AI score: 6.4, EPSS: 0.01407
Exploits: 0, References: 1

Cvelist
added 2009/02/24 6:0 p.m., 13 views

CVE-2008-6251

PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter...

AI score: 7.5, EPSS: 0.04601
Exploits: 1, References: 5

NVD
added 2009/02/22 10:30 p.m., 11 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

CVSS: 6.5, AI score: 7.4, EPSS: 0.06393
Exploits: 1, References: 6

Cvelist
added 2009/02/22 10:0 p.m., 11 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

AI score: 7.4, EPSS: 0.06393
Exploits: 1, References: 6

Cvelist
added 2009/02/20 11:0 p.m., 17 views

CVE-2008-6223

PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior WOTW 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php...

AI score: 7.5, EPSS: 0.03307
Exploits: 0, References: 4

Prion
added 2009/02/20 6:47 a.m., 10 views

Code injection

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party...

CVSS: 5.1, AI score: 8, EPSS: 0.048
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2009/02/20 1:30 a.m., 10 views

CVE-2008-6206

Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01195
Exploits: 1, References: 3

CVE
added 2009/02/18 5:0 p.m., 40 views

CVE-2009-0643

CVE-2009-0643 describes a static code injection in Simple PHP News 1.0 final. An attacker can inject arbitrary PHP code into news.txt via the post parameter and then trigger execution by requesting display.php, indicating a combination of unguarded input handling and file-based code execution...

CVSS: 5.1, AI score: 7.6, EPSS: 0.048
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2009/02/18 5:0 p.m., 14 views

CVE-2009-0643

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party...

AI score: 7.4, EPSS: 0.048
Exploits: 0, References: 5