647 matches found
CVE-2006-4060
PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfgdir parameter...
CVE-2006-3689
PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZLite allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that "the myadmindir variable is set before any...
CVE-2006-3340
Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbbrootpath parameter in (a) includes/functionscms.php and the (2) GlobalSettingstemplatesDirectory parameter i...
CVE-2006-3317
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraiddir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116...
CVE-2006-3173
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathcb parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3)...
CVE-2006-3192
PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php...
CVE-2006-3053
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUMhttppath parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of...
CVE-2006-3019
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMSINCLUDEPATH parameter to files in parser/include/ including (1) class.parserphpcms.php, (2) class.sessionphpcms.php, (3) class.editphpcms.php, (4)...
CVE-2006-2685
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine BASE 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASEpath parameter to (1) baseqrycommon.php, (2) basestatcommon.php, and (3)...
Directory traversal
Sugar Suite Open Source SugarCRM 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by...
CVE-2006-2460
SugarCRM (Sugar Suite Open Source)
CVE-2006-2323
Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...
CVE-2006-2253
PHP remote file inclusion vulnerability in visiblecountinc.php in Statit 4 060207 allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter...
CVE-2006-2033
PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/functionscommon.php in the VWar Account module vWarAccount in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwarroot2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, b...
Code injection
Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in t...
CVE-2005-4132
Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. NOTE: it is likely that this is a PHP remote file include vulnerability...
CVE-2005-2413
PHP remote file inclusion vulnerability in apaphpinclude.inc.php in Atomic Photo Album APA allows remote attackers to execute arbitrary PHP code via the apamodulebasedir parameter...
CVE-2005-2155
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter...
CVE-2004-1989
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEMEDIR parameter to reference a URL on a remote web server that contains userlistinfobox.inc...