Code injection

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...

Code injection

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/dbconnect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...

Code injection

Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the 1 fav1url, 2 fav1name, 3 fav2url, 4 fav2name, 5 fav3url, 6 fav3name, 7 fav4url, 8 fav4nam...

Code injection

Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action...

Code injection

Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter...

Code injection

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...

Code injection

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

Code injection

Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System NPDS 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php...

Code injection

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

Code injection

Direct static code injection vulnerability in config.php in vscripts aka Kuba Kunkiewicz VBook aka VBook 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other VBook scripts...