31 matches found
phpWebThings editor_insert_bottom Parameter Remote File Include Vulnerability
The remote web server contains a PHP script that is affected by a remote file include issue. Description: The remote web server is running phpWebThings, a PHP based photo gallery management system. The version of phpWebThings installed on the remote host fails to sanitize input to the...
Directory traversal
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action...
CVE-2008-2115
Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action...
CVE-2008-2116
CVE-2008-2116 affects ScriptsEZ.net Power Editor 2.0: directory traversal in editor.php allows reading arbitrary local files via a .. sequence in the te and dir parameters of the tempedit action. Root cause is improper input handling of path traversal; impact is partial confidentiality/integrity/...
CVE-2007-3141
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042...
CVE-2007-3141
CVE-2007-3141 affects phpWebThings 1.5.2: remote code execution via PHP remote file inclusion in core/editor.php through the editor_insert_top parameter. Bottom vector already covered by CVE-2006-6042. The connected docs confirm the vulnerability but do not provide a remediation.
phpwebthings-rfi.txt
script:phpWebThings ==1.5.2 RFI dir url:http://sourceforge.net/project/showfiles.php?groupid=19103 author:titanichacker c0ntact:[email protected] H.P: hack-teach.com & mohandko.com & tryag.com bug in: /core/editor.php include$editorinserttop; include$editorinsertbottom; exploit:...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors...
CVE-2007-2901
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors...
phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion
The remote web server is running phpWebThings, a PHP-based photo gallery management system. The version of phpWebThings installed on the remote host fails to sanitize input to the 'editor_insert_bottom' parameter before using it in the 'core/editor.php' script to include PHP code. Provided PHP's...
PHPWebThings 1.5.2 - editor.php Remote File Inclusion
phpWebThings 1.5.2 editor.php Remote File Include Vulnerability...