Drupal 11.x-dev - Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist. id: CVE-2024-45440 info: name: Drupal 11.x-dev - Full Path Disclosure author: DhiyaneshDK severity: medium description: |...

📄 Drupal 11.x-dev Information Disclosure

Proof of concept script demonstrating a full path disclosure issue in Drupal version 11.x-dev. ============================================================================================================================================= | Title : Drupal 11.x-dev full Information Disclosure | |...

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

GHSA-MG8J-W93W-XJGC Drupal Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

Drupal Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

PT-2024-6543 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal versions 11.x-dev Description: The issue is related to a Full Path Disclosure flaw in the core/authorize.php file of the Drupal CMS system. This flaw allows an attacker to disclose system data without authorization. The vulnerability c...

Fast FAQs System SQL Injection

-=Fast FAQs System=- Autore: x0r Email: [email protected] Cms Site: http://fastcreators.com/products/fastfaq/download.php Bug In \admin\authorize.php $query = "select from admin where userid='$POST'uname'' AND pass='$POST'pass''"; Exploit: ' or '1=1 Greetz: Anna...Strabica...Emetta... Vi Amo.. -- w00t...

Remote file inclusion

PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the loginform parameter, a different vector than CVE-2006-3776...

CVE-2007-4094

PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the loginform parameter, a different vector than CVE-2006-3776...

CVE-2007-4094

CVE-2007-4094 affects IDevSpot PhpHostBot (library/authorize.php). The vulnerability allows remote attackers to execute arbitrary PHP code via a URL supplied in the login_form parameter, representing a remote file inclusion in this component. This is described as a different vector from CVE-2006-...

PT-2007-5296 · Phphostbot · Phphostbot

Name of the Vulnerable Software and Affected Versions: PhpHostBot affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the login form parameter in the library/authorize.php file. Recommendations: At the moment, there is no...

vBulletin authorize.php x_invoice_num Parameter SQL Injection

Binary data 2294.prm...