647 matches found
CVE-2022-4606 PHP Remote File Inclusion in flatpressblog/flatpress
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3...
CVE-2022-4446
PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0...
CVE-2015-3173
The CVE-2015-3173 entry concerns the WordPress plugin “custom-content-type-manager.” Multiple connected sources document that a site administrator can trigger arbitrary PHP remote code execution through this plugin, indicating a vulnerability in the plugin code that allows PHP execution with admi...
EUVD-2006-4199
PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolutepath parameter...
PHP Remote File Inclusion in crater-invoice/crater
Description: No MIME type restriction on file uploads, allowing an attacker to upload and execute arbitrary PHP code. Proof of Concept: Log in to the dashboard, preferably using your own localhost install. Go to "Expenses", "Settings Account" or "Settings Company". Upload any PHP file you want. Impa...
Custom Content Type Manager <= 0.9.8.5 - Remote Code Execution
CCTM plugin can be used by an administrator to achieve arbitrary PHP remote code execution...
HTMLEditBox 2.2 Config.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23664/info htmlEditbox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability to execute malicious PHP code in the context ...
POWERGAP <= 2003 (s0x.php) Remote File Include Vulnerability
No description provided by source. powergap = s0x.php Remote File Inclusion Exploit. Critical Level: Dangerous. Vendor site: http://www.powergap-shop.de...
php5-sqlite -- open_basedir bypass
MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors...
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
source: https://www.securityfocus.com/bid/53310/info MySQLDumper is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the...
Invision Power Board 3.3.0 Local File Inclusion
Exploit for php platform in category web applications Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2226 Description of vulnerable software: Invision Power Board...
CVE-2012-1199
Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASEpath parameter to baseagmain.php, (2) basedbsetup.php, (3) basegraphcommon.php, (4) basegraphdisplay.php, (5) basegraphform.php, ...
CVE-2011-4750
Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...
CVE-2010-4939
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter...
LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD
LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86...
CVE-2010-3209
Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the...
CVE-2010-2918
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites comjoomla-visites component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...
CVE-2010-1335
Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4)...
40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)
This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net http://labs.elhacker.net/simpleaudit Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities. The vulnerabilities that also appl...