7218 matches found

Prion
added 2007/10/18 9:17 p.m. | 11 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the bloglocalpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in function...

CVSS 7.5 | AI score 7.8 | EPSS 0.01209
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2007/10/18 9:17 p.m. | 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct reques...

CVSS 7.5 | AI score 7.7 | EPSS 0.01284
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2007/10/18 9:17 p.m. | 12 views

CVE-2007-5575

Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this...

CVSS 4.3 | AI score 7 | EPSS 0.00434
Exploits: 0 | References: 2
CVE
added 2007/10/18 9:0 p.m. | 41 views

CVE-2007-5575

The CVE-2007-5575 entry concerns CSRF in 1024 CMS 1.2.5 that lets remote attackers perform administrator actions. The available details illustrate two examples: an action that creates a file containing PHP code and an action involving the forum component. The documents do not provide concrete exp...

CVSS 4.3 | AI score 7 | EPSS 0.00434
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2007/10/18 8:17 p.m. | 10 views

Design/Logic Flaw

Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors...

CVSS 7.5 | AI score 8.1 | EPSS 0.01359
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2007/10/18 8:17 p.m. | 10 views

CVE-2007-5563

Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors...

CVSS 7.5 | AI score 7.7 | EPSS 0.01359
Exploits: 0 | References: 4
Cvelist
added 2007/10/18 8:0 p.m. | 26 views

CVE-2007-5563

Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors...

AI score 7.7 | EPSS 0.01359
Exploits: 0 | References: 4
Exploit DB
added 2007/10/18 12:0 a.m. | 22 views

SiteBar 3.3.8 - '/translator.php?upd/cmd/Action/edit' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include vulnerability - Multiple arbitrary-script-code-execution vulnerabilities -...

AI score 7.4
Exploits: 0
UbuntuCve
added 2007/10/17 7:17 p.m. | 23 views

CVE-2007-5492

Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...

CVSS 4.6 | AI score 6.2 | EPSS 0.01395
Exploits: 1 | References: 1
NVD
added 2007/10/17 7:17 p.m. | 22 views

CVE-2007-5492

Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...

CVSS 4.6 | AI score 7.2 | EPSS 0.01395
Exploits: 1 | References: 11
Cvelist
added 2007/10/17 7:0 p.m. | 44 views

CVE-2007-5492

Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...

AI score 7.1 | EPSS 0.01395
Exploits: 1 | References: 11
NVD
added 2007/10/14 6:17 p.m. | 21 views

CVE-2007-5451

PHP remote file inclusion vulnerability in admin.color.php in the comcolorlab aka comcolor 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

CVSS 6.8 | AI score 7.5 | EPSS 0.31247
Exploits: 1 | References: 3
UbuntuCve
added 2007/10/12 9:17 p.m. | 33 views

CVE-2007-5416

Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupaleval function through a callback parameter to t...

CVSS 6.8 | AI score 6.1 | EPSS 0.04418
Exploits: 1 | References: 1
Prion
added 2007/10/12 9:17 p.m. | 24 views

Command injection

Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupaleval function through a callback parameter to t...

CVSS 6.8 | AI score 7.4 | EPSS 0.04418
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2007/10/12 9:17 p.m. | 26 views

CVE-2007-5416

Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupaleval function through a callback parameter to t...

CVSS 6.8 | AI score 7.2 | EPSS 0.04418
Exploits: 1 | References: 4
securityvulns
added 2007/10/12 12:0 a.m. | 29 views

Several vulnerabilities in CMS Made Simple 1.1.3.1

Hi, There are several security bugs in CMS Made Simple 1.1.3.1: I am not going to release dangerous and exploitable info here. 1) There is a highly dangerous PHP code execution bug in the script . 2) A registered user can access unauthorized pages. For example he can upload files to the server, or...

AI score 0.1
Exploits: 0
Exploit DB
added 2007/10/11 12:0 a.m. | 41 views

PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion

PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny n00b-firends: Pucik and Steryd ; FUN B...

AI score 7.4
Exploits: 0
NVD
added 2007/10/09 9:17 p.m. | 15 views

CVE-2007-5315

PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbumdir parameter...

CVSS 6.8 | AI score 7.5 | EPSS 0.3856
Exploits: 1 | References: 5
NVD
added 2007/10/09 9:17 p.m. | 16 views

CVE-2007-5314

PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter...

CVSS 6.8 | AI score 7.5 | EPSS 0.02379
Exploits: 0 | References: 5
Cvelist
added 2007/10/09 9:0 p.m. | 17 views

CVE-2007-5315

PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbumdir parameter...

AI score 7.5 | EPSS 0.3856
Exploits: 1 | References: 5