Code injection

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function...

Design/Logic Flaw

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including 1 Mantis, 2 PostNuke, 3 Moodle, 4 Cacti, 5 Xaraya, 6 PhpOpenChat, possibly 7 MAXdev MD-Pro, and 8 Simplog, allows remote attackers to execute arbitrary PHP...

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including 1 Mantis, 2 PostNuke, 3 Moodle, 4 Cacti, 5 Xaraya, 6 PhpOpenChat, possibly 7 MAXdev MD-Pro, and 8 Simplog, allows remote attackers to execute arbitrary PHP...

CVE-2006-0094

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVE-2006-0076

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter...

OABoard 1.0 Forum - Remote File Inclusion

source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of arbitrary PHP code in the context of th...

CVE-2005-4449

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, th...

CVE-2005-4424

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. dot dot in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00...

CVE-2005-4319

Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter...

CVE-2005-4094

connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script...

CVE-2005-4031

MediaWiki 1.5.x is affected by an Eval injection vulnerability before 1.5.3 that allows remote attackers to execute arbitrary PHP code via the user language option, which is used to form a dynamic class name processed by eval. Root cause: improper handling of user-supplied language selection lead...

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...

CVE-2003-1241

Cross-site scripting vulnerability XSS in 1 adminindex.php, 2 adminpass.php, 3 adminmodif.php, and 4 adminsuppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via...

CVE-2003-1256

afflistelangue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the repinclude parameter to reference a URL on a remote web server that contains paralangue.php...

Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the 'id' parameter of the resource module before using it in database queries. An unauthenticated attacker can...

CodeGrrl Applications Remote File Inclusion Vulnerabilities

The remote host appears to be running at least one of the PHP applications from CodeGrrl - PHPCalendar, PHPClique, PHPFanBase, or PHPQuotes. Under certain conditions, these applications fail to sanitize input to the 'siteurl' parameter of the 'protection.php' script before using it in a PHP...

CuteNews Multiple Script Traversal Privilege Escalation

The version of CuteNews installed on the remote host fails to sanitize input to the 'template' parameter of the 'showarchives.php' and 'shownews.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the...

phpGedView Code injection Vulnerability

The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product : - A path disclosure vulnerability, which will give more information abo...

ATutor 1.x - body_header.inc.php?section Local File Inclusion

ATutor 1.x - bodyheader.inc.php?section Local File Inclusion source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attack...