Remote file inclusion

PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 index.php and 2 checkout.php...

CVE-2008-0287

PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 index.php and 2 checkout.php...

CVE-2008-0287

PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 index.php and 2 checkout.php...

CVE-2007-6550

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

Remote file inclusion

PHP remote file inclusion vulnerability in language/langgerman/langmainalbum.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

CVE-2007-3221

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

CVE-2007-2986

PHP remote file inclusion vulnerability in lib/livestatus.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter...

CVE-2007-2939

Maven/Mazen’s PHP Chat 3.0.0 is affected by multiple PHP remote file inclusion vulnerabilities. The issue arises when an attacker can supply a URL via the basepath parameter to include/pear/ITX.php, IT_Error.php, or IT.php, enabling remote code execution on the server. The CVE-2007-2939 entry doc...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-2084

PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to 1 index.php, 2 list.php, 3 postreview.php, 4 reindex.php, 5 sections.php, 6 templates.php, 7 userinfo.php, 8 users.php, and 9 view.php...

CVE-2006-7148

PHP remote file inclusion vulnerability in includes/bbusagestats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbbrootpath parameter. NOTE: this might be the same issues as CVE-2006-4893...

CVE-2007-1148

PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter...

CVE-2007-0487

PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used...

CVE-2006-6086

PHP remote file inclusion vulnerability in src/arkinc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfgpearpath parameter...

CVE-2006-4425

CVE-2006-4425 affects the phpCOIN 1.2.3 package. Multiple remote file inclusion weaknesses allow an unauthenticated, remote attacker to cause code execution by manipulating the _CCFG[_PKG_PATH_INCL] parameter in seven coin_includes scripts (api.php, common.php, core.php, custom.php, db.php, redir...

CVE-2006-4077

PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager CWFM 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter...

CVE-2006-3984

PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAdspath parameter...

CVE-2006-3982

PHP remote file inclusion vulnerability in quickie.php in Knusperleicht Quickie, probably 0.2, allows remote attackers to execute arbitrary PHP code via a URL in the QUICKPATH parameter...