CVE-2007-2189

PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-2095

PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the myroot parameter, a different vector than CVE-2007-0498...

CVE-2007-2084

PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to 1 index.php, 2 list.php, 3 postreview.php, 4 reindex.php, 5 sections.php, 6 templates.php, 7 userinfo.php, 8 users.php, and 9 view.php...

CVE-2007-2009

PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter...

CVE-2007-1483

Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to 1 login.php, 2 getreminders.php, or 3 getevents.php...

CVE-2007-1458

Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 inccheckdatelang.php, 2 inccharsetfx.php, 3 incconfigcolor.php, 4 inccurrencyset.php, 5 incdbmakelink.php, 6 incdiagnosticsreportfx.php, 7...

CVE-2006-7146

PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cprootpath parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is...

CVE-2006-7045

PHP remote file inclusion vulnerability in Clan Manager Pro CMPRO 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the 1 rootpath and possibly 2 sitepath parameters to a cmpro.ext/comment.core.inc.php and b cmpro.intern/comment.core.inc.php. NOTE: the provenanc...

CVE-2006-7036

PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not b...

CVE-2007-0831

Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONFpath parameter to 1 index.php, 2 sources/usercp.php, or 3 sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONFpath ...

CVE-2007-0762

PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-0487

The CVE-2007-0487 issue is a PHP remote file inclusion in FreeForum 0.9.0 (index.php) exploitable via the fpath parameter, allowing remote code execution. This vulnerability is associated with FreeForum 0.9.0’s index.php and the fpath parameter, and descriptions note that third-party researchers ...

CVE-2007-0298

PHP remote file inclusion vulnerability in show.php in LunarPoll, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter...

CVE-2007-0190

PHP remote file inclusion vulnerability in editaddress.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter...

CVE-2006-6867

Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator aka bubla 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the budir parameter to 1 bu/buclaro.php, 2 bu/bucache.php, or 3 bu/buparse.php, different vectors and a different affect...

CVE-2006-6738

PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2006-6552

PHP remote file inclusion vulnerability in admin/plugins/NPUserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIRADMIN parameter...

CVE-2006-6213

index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the absurl parameter, which is later extracted to overwrite a previously uncontrolled value...

CVE-2006-5899

PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and...

CVE-2006-5760

Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to 1 functionlog.php, 2 functionbaliseurl.php, or 3 connection.php...