4 matches found
CVE-2006-5234
Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWSSOURCEDIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php,...
Directory traversal
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hubdir parameter, as demonstrated by including accesslog. NOTE: in some cases, arbitrary remot...
SQL injection
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter...
CVE-2006-0973
CVE-2006-0973 describes an SQL injection vulnerability in topics.php of the Appalachian State University phpWebSite project (version 0.10.2 and earlier). The underlying issue is that the topic parameter is used unsafely in SQL queries, allowing remote attackers to inject arbitrary SQL commands. T...