225 matches found
PT-2006-5969 · Phpwebsite · Phpwebsite
Name of the Vulnerable Software and Affected Versions: phpWebSite version 0.10.2 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in multiple PHP files, including init.php, users.php, Cookie.php, forms.php, Groups.php,...
phpWebSite 0.10.2 - PHPWS_SOURCE_DIR Multiple Remote File Inclusions
phpWebSite 0.10.2 - PHPWS_SOURCE_DIR Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/20412/info phpWebSite is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker...
phpWebSite 0.10.2 Remote File Include Vulnerabilities
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : phpWebSite 0.10.2 Remote File Include Vulnerabilities -------------------------------------------------------------------------------- Author: CrackersChild cont@ct:...
phpWebSite 0.10.2 - 'PHPWS_SOURCE_DIR' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/20412/info phpWebSite is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application and the underlying system; other...
GLSA-200605-04 : phpWebSite: Local file inclusion
The remote host is affected by the vulnerability described in GLSA-200605-04 (phpWebSite: Local file inclusion). rgod has reported that the 'hub_dir' parameter in 'index.php' isn't properly verified. When 'magic_quotes_gpc' is disabled, this can be exploited to include arbitrary files from local...
phpWebSite: Local file inclusion
Background: phpWebSite provides a complete web site content management system. Description: rgod has reported that the "hub_dir" parameter in "index.php" isn't properly verified. When "magic_quotes_gpc" is disabled, this can be exploited to include arbitrary files from local resources. Impact: If...
CVE-2005-4792
CVE-2005-4792 is a SQL injection in phpWebSite’s index.php (versions
CVE-2005-4792
SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Directory traversal
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remot...
CVE-2006-1819
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remot...
CVE-2006-1819
The CVE-2006-1819 issue affects phpWebSite prior to 0.10.2, where the hub_dir parameter in index.php is not properly validated, enabling local file inclusion via include() and possible PHP code execution. The root cause is inadequate verification of hub_dir, which can allow an attacker to referen...
phpWebSite index.php hub_dir Parameter Local File Inclusion
The version of phpWebSite installed on the remote host fails to sanitize input to the 'hub_dir' parameter of the 'index.php' script before using it in a PHP 'include' function. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit this issue to vie...
phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "PHPWebSite = 0.10.2 remote cmmnds xctn\r\n"; echo "- arbitrary local inclusion, works with magicquotesgpc = Off\r\n"; echo "by rgod, mail: [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; i...
phpWebSite 0.10.2 - hub_dir Remote Command Execution
phpWebSite 0.10.2 - hubdir Remote Command Execution !/usr/bin/php -q -d shortopentag=on arbitrary local inclusion, works with magicquotesgpc = Off\r\n"; echo "by rgod, mail: [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; if $argc 0 include$hubdir . 'conf/config.php'...
phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit
--------------------------------------------------------------------------- phpWebSite = 0.10.? topics.php Remote SQL Injection Exploit --------------------------------------------------------------------------- Discovered By SnIpErSA Author : SnIpErSA Exploit in Perl :...
phpWebSite 0.10.2 - 'hub_dir' Remote Command Execution
!/usr/bin/php -q -d shortopentag=on arbitrary local inclusion, works with magicquotesgpc = Off\r\n"; echo "by rgod, mail: [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; if $argc 0 include$hubdir . 'conf/config.php'; define'PHPWSSOURCEDIR', $sourcedir; else...
Sql injection
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php...
CVE-2006-1330
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php...
CVE-2006-1330
CVE-2006-1330 : Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php . This entry is referenced by the NVD listing, which assigns a base score of 7.5 (HIGH) with ne...
CVE-2006-1330
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php...