83 matches found
CVE-2007-3141
CVE-2007-3141 affects phpWebThings 1.5.2: remote code execution via PHP remote file inclusion in core/editor.php through the editor_insert_top parameter. The editor_insert_bottom vector is already covered by CVE-2006-6042. The connected docs confirm the vulnerability but do not provide a remediation.
phpWebThings ==>1.5.2 RFI
script:phpWebThings ==1.5.2 RFI dir url:http://sourceforge.net/project/showfiles.php?groupid=19103 author:titanichacker c0ntact:[email protected] H.P: hack-teach.com & mohandko.com & tryag.com bug in: /core/editor.php include$editorinserttop; include$editorinsertbottom; exploit:...
phpwebthings-rfi.txt
script:phpWebThings ==1.5.2 RFI dir url:http://sourceforge.net/project/showfiles.php?groupid=19103 author:titanichacker c0ntact:[email protected] H.P: hack-teach.com & mohandko.com & tryag.com bug in: /core/editor.php include$editorinserttop; include$editorinsertbottom; exploit:...
phpWebThings core/editor.php editor_insert_bottom Parameter Remote File Inclusion
The remote web server is running phpWebThings, a PHP-based photo gallery management system. The version of phpWebThings installed on the remote host fails to sanitize input to the 'editor_insert_bottom' parameter before using it in the 'core/editor.php' script to include PHP code. Provided PHP's...
CVE-2006-6042
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter...
CVE-2006-6042
phpWebThings 1.5.2 and earlier are affected by a remote file inclusion in core/editor.php (editor_insert_bottom) when register_globals is on. The issue allows an attacker to view arbitrary files and execute arbitrary PHP code on the remote server, via a crafted URL parameter. OpenVAS corroborates...
phpWebThings 1.5.2 (editor.php) Remote File Include Vulnerability
phpWebThings 1.5.2 editor.php Remote File Include Vulnerability. Affected Software: phpWebThings 1.5.2...
phpWebThings <= 1.5.2 (editor.php) Remote File Include Vulnerability
No description provided by source. phpWebThings 1.5.2 editor.php Remote File Include Vulnerability. Affected...
PHPWebThings 1.5.2 - 'editor.php' Remote File Inclusion
phpWebThings 1.5.2 editor.php Remote File Include Vulnerability. Affected Software: phpWebThings 1.5.2...
PHPWebThings 1.5.2 - editor.php Remote File Inclusion
PHPWebThings 1.5.2 - editor.php Remote File Inclusion. phpWebThings 1.5.2 editor.php Remote File Include Vulnerability...
phpWebThings <= 1.5.2 (editor.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. phpWebThings. Details: phpWebThings 1.5.2 core/editor.php does not...
phpWebThings forum Parameter SQL Injection Vulnerabilities
The version of phpWebThings installed on the remote host does not properly sanitize user input in the SPDX-FileCopyrightText: 2005 Ferdy Riphagen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
phpWebThings forum Parameter SQL Injection Vulnerabilities
The remote web server contains a PHP script that is prone to SQL injection attacks. Description : The remote host is running the phpWebThings application framework. The version of phpWebThings installed on the remote host does not properly sanitize user input in the 'forum' and 'msg' parameters o...
CVE-2005-4218
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585...
CVE-2005-4226
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters ...
CVE-2005-4218
PHPWebThings 1.4 is affected by a SQL injection in forum.php via the msg parameter. The root cause is improper input sanitization in the forum.php handler, enabling an attacker to modify or exfiltrate data through crafted SQL. OpenVAS note indicates that remote attackers could potentially access ...
CVE-2005-4226
The connected sources confirm CVE-2005-4226 affects phpWebThings 1.4 with multiple SQL injection vectors. Specifically, unsanitized input in download.php (ref), forum.php (direction, msg, sforum, reason, subname, toform), forum_edit.php (msg, forum), forum_write.php (msg, forum), guestbook.php (t...
CVE-2005-4226
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters ...
CVE-2005-4218
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585...
CVE-2005-3676
The CVE-2005-3676 entry affects PhpWebThings 1.4.4, where a vulnerability in download.php allows SQL injection via the file parameter. This enables remote attackers to execute arbitrary SQL commands, with not-fully-specified impact details beyond the NVD summary. The connected documents confirm t...