295 matches found
SQL injection
SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php...
CVE-2006-0065
CVE-2006-0065 describes an SQL injection vulnerability in VEGO Web Forum versions up to and including 1.26, affecting (1) functions.php, (2) functions_update.php, and (3) functions_display.php. The flaw allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index....
CVE-2005-4037
CVE-2005-4037 affects Web4Future Affiliate Manager PRO 4.1 and earlier. The vulnerability is a SQL injection in functions.php reachable via the pid parameter, enabling remote SQL commands. CVSS metrics in the initial entry indicate base score 7.5 (HIGH) with network attack vector and low attack c...
CVE-2005-4037
SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter...
MailWatch authenticate() Function SQL Injection
The remote host appears to be running MailWatch, a web-based frontend to MailScanner written in PHP. The version of MailWatch installed on the remote host fails to sanitize the username and password before using them in database queries in the 'authenticate' function of 'functions.php'. This issu...
Land Down Under <= 800 Multiple Vulnerabilities
The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magic_quotes' setting is disabled due to its failure to sanitize the request URI before using it in 'system/functions.php' in the function 'ldu_log'. A malicious user may be able...
CVE-2004-2038
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php...
CVE-2004-2038
CVE-2004-2038 concerns a cross-site scripting (XSS) vulnerability in Land Down Under (LDU) prior to version 700. The issue allows remote attackers to inject arbitrary web script or HTML via a BBCode img tag in one of three PHP files: functions.php, header.php, or auth.inc.php. The provided doc...
CVE-2004-0327
CVE-2004-0327 affects PhpNewsManager 1.46. A directory traversal vulnerability exists in functions.php, allowing remote attackers to retrieve arbitrary files via .. sequences in the clang parameter. The provided documents confirm the vulnerable component and the exploitation vector but do not inc...
CVE-2004-0030
CVE-2004-0030 describes a PHP remote file inclusion in PHPGEDVIEW 2.61 via PGV_BASE_DIRECTORY in functions.php, authentication_index.php, and config_gedcom.php, enabling remote code execution by referencing a URL on a remote server. Root cause: unsafely using a user-controllable base directory pa...
PT-2004-1245 · Php · Phpgedview
Name of the Vulnerable Software and Affected Versions: PHPGEDVIEW version 2.61 Description: The issue allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code. This is possible due to a...
PT-2003-2445 · Cpcommerce · Cpcommerce
Name of the Vulnerable Software and Affected Versions: cpCommerce version 0.5f Description: The issue allows remote attackers to execute arbitrary code via the prefix parameter in the functions.php file. This is a result of a remote file inclusion vulnerability. Recommendations: For cpCommerce...
Invision Board 1.1.1 - functions.php SQL Injection
Invision Board 1.1.1 - functions.php SQL Injection source: https://www.securityfocus.com/bid/7290/info An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file. An attacker may be...
Invision Board 1.1.1 - 'functions.php' SQL Injection
source: https://www.securityfocus.com/bid/7290/info An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file. An attacker may be able to exploit this vulnerability by manipulating...