CVE-2006-5627

Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to 1 headerscripts.php, 2 footerhome.php, and 3 footermain.php in admin/include/; 4 photogallery/headerscripts.php; and 5...

CVE-2006-5594

PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP...

CVE-2006-5481

Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in 1 lib/code.php, 2 lib/dbconnect.php, 3 lib/error.php, 4 lib/menu.php, and other unspecified files. NOTE: the provenance of...

CVE-2006-5413

Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB YaBBSM allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to 1 Offline.php, 2 Sources/Admin.php, 3 Sources/Offline.php, or 4 content/portalshow.php...

CVE-2006-5315

PHP remote file inclusion vulnerability in main.php in registroTL allows remote attackers to execute arbitrary PHP code via an ftp:// URL in the page parameter...

CVE-2006-5223

PHP remote file inclusion vulnerability in includes/functionsuserviewedposts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

EUVD-2006-5085

PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS aka webnews 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WNBASEDIR parameter...

CVE-2006-5045

Unspecified vulnerability in PollXT component compollxt 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfigabsolutepath to conf.pollxt.php...

CVE-2006-4733

PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system SIPS 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the configsipssys parameter. NOTE: the product's documentation recommends placing the...

CVE-2006-4544

Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbbhomepath parameter in files in the modules directory including 1 birstday/birst.php 2 birstday/select.php, 3...

CVE-2006-4557

PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis...

CVE-2006-4545

PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the SERVER parameter in 1 admin/avatar.php, 2 libs/archive.class.php, 3 libs/login.php, 4 libs/profiles.class.php, and 5 libs/profile/proccess.php. NOTE: CVE disputes thi...

CVE-2006-4425

Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the CCFGPKGPATHINCL parameter in coinincludes scripts including 1 api.php, 2 common.php, 3 core.php, 4 custom.php, 5 db.php, 6 redirect.php or 7 sessionset.php. NOTE: the...

CVE-2006-4291

PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier Build 3.04.04 allows remote attackers to execute arbitrary PHP code via a URL in the PMpathhandler parameter...

CVE-2006-4286

PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component comcontentpublisher for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter. NOTE: this issue has been disputed by third parties who state tha...

EUVD-2006-4275

Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 phphtmllib parameter to a phphtmllib/includes.php; tagutils/ scripts including b divtagutils.php, c formutils.php, d...

CVE-2006-4277

Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIBDIR parameter to 1 include/novalib/class.novaAdmin.mysql.php and 2 novalib/class.novaRead.mysql.php. NOTE: the provenance of this information...

CVE-2006-4241

PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component comreporter allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2006-4166

CVE-2006-4166 : PHP remote file inclusion in TinyWebGallery (≤1.5) allows remote attackers to execute arbitrary PHP code via a URL provided in the image parameter to (1) image.php or (2) image.php2. Root cause is unsafe handling of the image parameter enabling inclusion of remote/local code; CVSS...

CVE-2006-4085

PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project TSEP 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsepconfigabsPath parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this...