8 matches found
CVE-2007-3289
PHP remote file inclusion vulnerability in spaw/spawcontrol.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
CVE-2007-3237
CVE-2007-3237 and related entries describe a PHP remote file inclusion in the spaw/spaw_control.class.php handler used by XOOPS modules (TinyContent 1.5, WiwiMod 0.4, XT-Conteudo). The vulnerability allows an attacker to cause arbitrary PHP code execution by supplying a crafted URL in the spaw_ro...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
CVE-2007-3221
PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
Remote file inclusion
PHP remote file inclusion vulnerability in include/wysiwyg/spawcontrol.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
CVE-2006-5291
PHP remote file inclusion vulnerability in admin/includes/spaw/spawcontrol.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PH...