CVE-2007-2985
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc...
CVE-2007-2985
CVE-2007-2985 affects Pheap 2.0. An attacker can bypass authentication by setting the pheap_login cookie to the administrator’s username, enabling (1) access to sensitive info, including the admin password via settings.php and (2) upload/execute arbitrary PHP code via the update_doc action in edi...
CVE-2007-2988
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/createengine.php followed by a request to...
CVE-2007-2969
PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter...
CVE-2007-2961
CVE-2007-2961 concerns an unrestricted file upload vulnerability in FileCloset before 1.1.5. The issue allows remote attackers to upload arbitrary PHP files via unspecified vectors. The NVD entry records a CVSSv2 base score of 7.5 (HIGH) with network attack vector and no authentication required; ...
CVE-2007-2939
Maven/Mazen’s PHP Chat 3.0.0 is affected by multiple PHP remote file inclusion vulnerabilities. The issue arises when an attacker can supply a URL via the basepath parameter to include/pear/ITX.php, IT_Error.php, or IT.php, enabling remote code execution on the server. The CVE-2007-2939 entry doc...
CVE-2007-2899
Direct static code injection vulnerability in adminconfig.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the formatmenue parameter to (1) admin/inc/changeaction.php or (2) admin/inc/add.php...
CVE-2007-2679
Summary: CVE-2007-2679 is a PHP file inclusion vulnerability in Ivan Peevski gallery 0.3 (Simple PHP Scripts, sPHP). Affected component: index.php; vulnerability arises from using a user-supplied gallery parameter as input to file_exists, enabling inclusion of arbitrary PHP code through UNC or lo...
CVE-2007-2663
PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter...
CVE-2007-2628
CVE-2007-2628 affects Justin Koivisto’s SecurityAdmin for PHP (PHPSecurityAdmin) v4.0.2. The vulnerability is a PHP remote file inclusion in include/logout.php that allows an attacker to execute arbitrary PHP code by supplying a URL via the PSA_PATH parameter. Documented impact is arbitrary code ...
Remote file inclusion
PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter...
CVE-2007-2609
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lomupdate.php, (3) check-lom.php, and (4) weighkeywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php...
EUVD-2007-2590
Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to siteconf.php; or the (2) ttdocroot parameter to (a) class.csv.php, (b) produktenachserie.php, or (c) refkdrubrik.php in functionen/; ...
CVE-2007-2575
PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERYBASEDIR parameter...
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...
Remote file inclusion
PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value...
WordPress WP Table Plugin <= 1.43 - Remote File Inclusion
Because of this vulnerability, attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter. Solution: Update the WordPress WP Table plugin to the latest available version (at least 1.44)...