CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVE-2008-6435

Multiple cross-site scripting XSS vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the 1 langhome, 2 langadminmenu, and 3 langadminmenupageoverview parameters to cms/includes/header.inc.php; and the 4 langloginusername and 5 langloginpassword...

CVE-2008-4591

Multiple cross-site scripting XSS vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 langaccessforbiden and 2 langidenttitle parameters...

CVE-2005-4491

Multiple cross-site scripting XSS vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 query string, 2 textonly, 3 locID, and 4 lang parameters to a Default.aspx, and the 6 ClickFrom parameter to b Request-call-back.html and c...

CVE-2005-4491

Multiple cross-site scripting XSS vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 query string, 2 textonly, 3 locID, and 4 lang parameters to a Default.aspx, and the 6 ClickFrom parameter to b Request-call-back.html and c...