6 matches found
CVE-2008-7034
CVE-2008-7034 affects PHPEcho CMS 2.0 rc3 due to a PHP remote file inclusion in kernel/smarty/Smarty.class.php. The vulnerability allows an attacker to execute arbitrary PHP code by supplying a URL that influences the _smarty_compile_path in the fetch function. Exploitation details are not provid...
CVE-2009-2401
Cross-site scripting XSS vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post...
CVE-2007-1987
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the 1 pluginfile parameter to smarty/internals/core.loadpulgins.php or the 2 rootpath parameter to index.php. NOTE: CVE disputes 1 because the inclusion occurs...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the 1 pluginfile parameter to smarty/internals/core.loadpulgins.php or the 2 rootpath parameter to index.php. NOTE: CVE disputes 1 because the inclusion occurs...
CVE-2007-1988
CVE-2007-1988: XSS in PHPEcho CMS 2.0 caused by kernel/filters.inc.php handling the id parameter. Remote attacker can inject arbitrary script/HTML. The NVD CVSS2 base score is 4.3 (Medium) with no confidentiality/availability impact, partial integrity impact. No exploitation details or remediatio...
CVE-2007-1987
PHPEcho CMS 2.0 is affected by multiple PHP remote file inclusion vulnerabilities. An attacker can cause arbitrary PHP code execution via (1) the _plugin_file parameter to smarty/internals/core.load_pulgins.php and (2) the root_path parameter to index.php. The issue for (1) is mitigated by CVE no...