Remote file inclusion

PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the contentphp parameter. NOTE: this issue has been disputed by a reliable third party, stating that contentphp is initialized before use...

CVE-2007-2307

PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter...

CVE-2007-2317

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to bbplugins.php in 1 components/minibb/ or 2...

CVE-2007-2288

PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...

CVE-2007-2258

PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter...

CVE-2007-2255

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...

Cross site scripting

footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting XSS attack, or via the puninclude tag, as demonstrated by use of adminoptions.php to execute PHP code from an uploaded avatar file...

CVE-2007-2236

footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting XSS attack, or via the puninclude tag, as demonstrated by use of adminoptions.php to execute PHP code from an uploaded avatar file...

HTMLEditBox 2.2 - config.php Remote File Inclusion

HTMLEditBox 2.2 - config.php Remote File Inclusion source: https://www.securityfocus.com/bid/23664/info htmlEditbox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability to execute malicious PHP cod...

HTMLEditBox 2.2 - 'config.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/23664/info htmlEditbox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability to execute malicious PHP code in the context of the webserver. This may allow t...

Remote file inclusion

PHP remote file inclusion vulnerability in lib/pcltar.lib.php aka pcltar.php in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including 1 Joomla! 1.5.0 Beta, 2 N/X Web Content Management System WCMS 4.5, 3 CJG EXPLORER PRO 3.3, and 4...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-2189

PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-2190

PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter...

CVE-2007-2181

PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter, a different product and vector than CVE-2005-0748...

Code injection

Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action...

Remote file inclusion

PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot osp 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter...

Code injection

Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Code injection

Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the 1 Sub-name or 2 Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php...