5 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the 1 lOptionsOptions, 2 lNavAdminOptions, or 3 lNavReturn parameter to options.php; or the 4 lNavReturn parameter to subscribe.php...
CVE-2008-3707
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...
CVE-2008-3707
CVE-2008-3707 describes multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite (versions around 1.21/1.25) that allow an attacker to execute arbitrary PHP code by supplying a malicious URL in the script_path parameter to a long list of scripts (e.g., flat_read.php, post.php, proc...
Remote file inclusion
PHP remote file inclusion vulnerability in include/defaultheader.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter, a different vector than CVE-2006-2871...
CVE-2007-1983
CVE-2007-1983 is a PHP remote file inclusion vulnerability in CyBoards PHP Lite 1.21. The issue affects the include/default_header.php script, where a remote attacker can supply a URL via the script_path parameter to execute arbitrary PHP code. This is described as a different vector from CVE-200...