Design/Logic Flaw
PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1099
PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1099
CVE-2006-1099 describes a PHP remote file inclusion vulnerability in logIT versions 1.3 and 1.4. An attacker can trigger arbitrary PHP code execution by supplying a crafted value for the pg parameter in a URL. Multiple sources (NVD, Red Hat, CVE records) corroborate the issue, with the note that ...
txtForum: Script Injection Vulnerability
txtForum: Script Injection Vulnerability. Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006...
Loudblog 0.41 SQL Injection, Local file read/include
"Loudblog is a sleek and easy-to-use Content Management System (CMS) for publishing media content on the web." SQL Injection in podcast.php magicquotes=off: http://target/loudblog/podcast.php?id=1' and '1'='0' union select...
Design/Logic Flaw
PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter...
CVE-2006-1022
PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir parameter that is set to UYE_SEVIYE...
LoudBlog 0.41 - podcast.php SQL Injection
LoudBlog 0.41 - podcast.php SQL Injection source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow...
LoudBlog 0.41 - 'index.php?template' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
CVE-2006-1013
PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter...
LoudBlog 0.41 - 'podcast.php' SQL Injection
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
CVE-2006-1013
CVE-2006-1013 affects SMartBlog (SMBLog) 1.2 where index.php is vulnerable to a PHP remote file include via (1) the pg parameter and (2) a parameter-less query string. The vulnerability enables an attacker to include and execute arbitrary PHP files on the server. The CVSS-derived metrics in the p...
CVE-2006-1022
CVE-2006-1022 affects PeHePe Uyelik Sistemi (PeHePe Membership Management System) version 3. The issue is a PHP remote file inclusion in sol_menu.php. An attacker can cause arbitrary PHP code execution by supplying a URL in the uye_klasor parameter, together with misafir[] set to UYE_SEVIYE. This...
PHORUM 3.x5.x - Common.php Remote File Inclusion
PHORUM 3.x5.x - Common.php Remote File Inclusion source: https://www.securityfocus.com/bid/16977/info The PHORUM application is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...
Remote file inclusion
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter...
CVE-2006-0945
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter...
CVE-2006-0945
The CVE-2006-0945 entry concerns Archangel Weblog 0.90.02, where a PHP remote file include vulnerability exists in admin/index.php. The underlying issue is a NULL byte (%00) in the index parameter that enables remote authenticated administrators to execute arbitrary PHP code. Documents identify t...