CVE-2008-5792

PHP remote file inclusion vulnerability in showjoined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue...

Enthusiast show_joined.php远程文件包含漏洞

BUGTRAQ ID: 32205 Enthusiast是一个成员列表集中管理脚本。 Enthusiast的showjoined.php文件没有正确地验证对path参数的输入参数便用于包含文件： /showjoined.php line:261-264 p class="showjoinedcredits" a href="http://scripts.indisguise.org"Powered by Enthusiast ?php include $path . 'showenthversion.php' ?/a /p...

Enthusiast 3.1.4 (show_joined.php path) Remote File Inclusion Vuln

Exploit for unknown platform in category web applications ================================================================== Enthusiast 3.1.4 showjoined.php path Remote File Inclusion Vuln ==================================================================...

CVE-2007-0484

The CVE-2007-0484 entry describes multiple SQL injection vulnerabilities in Enthusiast 3.1. The issue arises in the server-side handling of the cat parameter for show_owned.php, show_joined.php, and possibly other files, enabling remote attackers to execute arbitrary SQL commands. The provided do...