Remote file inclusion

PHP remote file inclusion vulnerability in protection.php in ePersonnel RC200402 allows remote attackers to execute arbitrary PHP code via a URL in the logoutpage parameter...

CVE-2007-4608

PHP remote file inclusion vulnerability in protection.php in ePersonnel RC200402 allows remote attackers to execute arbitrary PHP code via a URL in the logoutpage parameter...

CVE-2007-4551

PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter...

Code injection

TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying 1 disclaimer.txt, 2 sponsors.txt, and 3 banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend...

CVE-2007-4536

TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying 1 disclaimer.txt, 2 sponsors.txt, and 3 banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend...

CVE-2007-4524

PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter...

CVE-2007-4536

TorrentTrader 1.07 and earlier is affected by an insecure file-permissions flaw in the root directory. Attackers can modify files used by an include call (disclaimer.txt, sponsors.txt, banners.txt) to execute arbitrary PHP code. The vulnerability is localized (LOCAL attack vector) with partial co...

Code injection

Direct static code injection vulnerability in admincp/userhelp.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a newentry value in the do parameter...

CVE-2007-4413

Direct static code injection vulnerability in admincp/userhelp.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a newentry value in the do parameter...

Design/Logic Flaw

index.php in Ryan Haudenschilt Family Connections FCMS before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcmsloginid cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the SERVERDOCUMENTROOT parameter in 1 poll.php and 2 pollarchive.php. NOTE: a reliable third party states that this issue is resultant from a variable...

Remote file inclusion

PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter to 1 index.php or 2 datei.php...

CVE-2007-4320

PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter...

CVE-2007-4329

Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter to 1 index.php, 2 news.php, or 3 feed.php...

CVE-2007-4279

PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoroot parameter...

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to 1 delete.php, 2 edit.php, or 3 inc/common.inc.php; or 4 database.php, 5 entries.php, 6 index.php, 7 logout.php, or 8 settings.ph...

CVE-2007-4279

PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoroot parameter...

Mapos-Scripts.de Gastebuch 1.5 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/25252/info Mapos-Scripts.de Gastebuch is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP...