7203 matches found
Design/Logic Flaw
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https...
CVE-2003-1385
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the rootpath parameter to reference a URL on a remote web server that contains the code...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct reques...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the bloglocalpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in function...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this...
Remote file inclusion
PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
CVE-2007-5575
Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/fckeditor/uploadconfig.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter...
CVE-2007-5575
The CVE-2007-5575 entry concerns CSRF in 1024 CMS 1.2.5 that lets remote attackers perform administrator actions. The available details illustrate two examples: an action that creates a file containing PHP code and an action involving the forum component. The documents do not provide concrete exp...
Design/Logic Flaw
Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2007-5563
Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors...
SiteBar 3.3.8 - '/translator.php?upd/cmd/Action/edit' Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include vulnerability - Multiple arbitrary-script-code-execution vulnerabilities -...
CVE-2007-5492
Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...
CVE-2007-5451
PHP remote file inclusion vulnerability in admin.color.php in the comcolorlab (aka comcolor) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter...
CVE-2007-5416
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to t...
Command injection
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to t...