Lucene search
1978 matches found

Prion
added 2009/05/12 4:30 p.m., 13 views

Remote file inclusion

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...

CVSS 7.5 | AI score 7.5 | EPSS 0.02052
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2009/05/12 4:0 p.m., 17 views

CVE-2008-6807

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...

AI score 7.2 | EPSS 0.02052
Exploits 1 | References 2

NVD
added 2009/05/01 10:30 p.m., 26 views

CVE-2009-1512

Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php...

CVSS 6.5 | AI score 6.9 | EPSS 0.03951
Exploits 0 | References 2

NVD
added 2009/04/28 4:30 p.m., 20 views

CVE-2009-1463

Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file...

CVSS 7.5 | AI score 7.2 | EPSS 0.01579
Exploits 1 | References 5

Prion
added 2009/04/28 3:30 p.m., 18 views

Remote file inclusion

PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the pagecontent parameter...

CVSS 7.5 | AI score 7.7 | EPSS 0.0214
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2009/04/28 3:0 p.m., 25 views

CVE-2009-1450

PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the pagecontent parameter...

AI score 7.4 | EPSS 0.0214
Exploits 0 | References 1

Prion
added 2009/04/27 7:30 p.m., 7 views

Remote file inclusion

PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...

CVSS 7.5 | AI score 8 | EPSS 0.02342
Exploits 1 | References 3 | Affected Software 1

Prion
added 2009/04/24 2:30 p.m., 13 views

SQL injection

Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI...

CVSS 9.3 | AI score 8.2 | EPSS 0.03741
Exploits 1 | References 7 | Affected Software 1

CVE
added 2009/04/20 2:6 p.m., 44 views

CVE-2008-6731

CVE-2008-6731 describes an unrestricted file upload vulnerability in submitlink.php of FlexPHPLink Pro 0.0.7. An attacker can upload a file with an executable extension and then access the renamed file under the linkphoto/ path to execute arbitrary PHP code remotely. The vulnerability stems from...

CVSS 9.3 | AI score 7.9 | EPSS 0.05725
Exploits 1 | References 5 | Affected Software 1

OSV
added 2009/04/16 3:12 p.m., 4 views

CVE-2009-1285

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...

AI score 7
Exploits 0 | References 9

Prion
added 2009/04/16 3:12 p.m., 21 views

Code injection

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...

CVSS 7.5 | AI score 7.6 | EPSS 0.10914
Exploits 3 | References 8 | Affected Software 1

FreeBSD
added 2009/04/14 12:0 a.m., 25 views

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin Team reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. This...

CVSS 7.5 | AI score 7.2 | EPSS 0.10914
Exploits 3 | References 1

Prion
added 2009/04/07 2:17 p.m., 13 views

Code injection

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...

CVSS 10 | AI score 7.8 | EPSS 0.03501
Exploits 1 | References 3 | Affected Software 1

Prion
added 2009/04/03 6:30 p.m., 14 views

SQL injection

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php...

CVSS 7.5 | AI score 8.1 | EPSS 0.03465
Exploits 1 | References 6 | Affected Software 2

Cvelist
added 2009/03/26 8:28 p.m., 24 views

CVE-2008-6530

Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file...

AI score 7.2 | EPSS 0.0212
Exploits 1 | References 3

CVE
added 2009/03/26 2:0 p.m., 1077 views

CVE-2009-1151

CVE-2009-1151 affects phpMyAdmin 2.11.x (before 2.11.9.5) and 3.x (before 3.1.3.1). The flaw is a static code injection in setup.php that lets a remote attacker inject arbitrary PHP code into the generated configuration file via the save action. The issue arises from insufficient validation/misco...

CVSS 9.8 | AI score 7.5 | EPSS 0.95438
In wild | Exploits 16 | References 16 | Affected Software 1

securityvulns
added 2009/03/24 12:0 a.m., 41 views

[SA34410] PHP Classifieds Cross-Site Scripting and File Upload Vulnerabilities

Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: Vulnerability Research Software Inspection Results Secunia Research Highlights Secunia Advisory Statistics...

AI score 0.5
Exploits 0

phpMyAdmin
added 2009/03/24 12:0 a.m., 40 views

Insufficient output sanitizing when generating configuration file.

PMASA-2009-3. Announcement-ID: PMASA-2009-3. Date: 2009-03-24. Summary: Insufficient output sanitizing when generating configuration file. Description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

CVSS 9.8 | AI score 7.7 | EPSS 0.95438
Exploits 16 | Affected Software 1

Prion
added 2009/03/18 3:30 p.m., 12 views

Remote file inclusion

PHP remote file inclusion vulnerability in slideshowuploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSrootdir parameter...

CVSS 6.8 | AI score 8.1 | EPSS 0.01129
Exploits 0 | References 4

Prion
added 2009/03/09 2:30 p.m., 15 views

Code injection

Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter...

CVSS 7.5 | AI score 7.8 | EPSS 0.02265
Exploits 1 | References 3