CVE-2007-2371

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service loss of configuration data, and possibly perform direct static code injection, via a saveGlobalconfig...

CVE-2007-2169

Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the 1 Sub-name or 2 Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php...

Code injection

Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the 1 Sub-name or 2 Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php...

CVE-2007-2167

The CVE-2007-2167 issue affects AimStats 3.2 and is caused by a vulnerability in process.php where the number parameter in an update action allows remote attackers to inject PHP code into config.php. This is a static code injection scenario that could enable arbitrary code execution in the PHP en...

CVE-2007-2168

CVE-2007-2168 affects AimStats 3.2 and earlier. A static code injection in process.php allows remote attackers to inject PHP code into config.php via the databasehost parameter, enabling potential config tampering and partial system compromise. No remediation details are provided in the linked do...

CVE-2007-2169

CVE-2007-2169 describes a static code injection vulnerability in Mozzers SubSystem 1.0, specifically in add.php. The issue allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url fields. An earlier report suggests the add action can also be reached through a r...

CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

Code injection

Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter...

CVE-2007-2141

CVE-2007-2141 affects ShoutPro 1.5.2 and is a Direct static code injection vulnerability in shoutbox.php. An attacker can inject arbitrary PHP code into shouts.php via the shout parameter, enabling remote code execution. The underlying root cause is unsanitized input handling in shoutbox.php, lea...

CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

CVE-2007-2148

CVE-2007-2148 affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier, with a vulnerability in admin/save.php. The issue allows remote authenticated administrators to inject PHP code into .html files via the html parameter; the injected code is then executed when index.php is requested (demo...

CVE-2007-2092

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

Code injection

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter...

CVE-2007-2092

Vulnerability summary (CVE-2007-2092): Direct static code injection in the PHP file index.php of Limesoft Guestbook (LS Simple Guestbook). An attacker can inject arbitrary PHP code into posts.txt via the name parameter, enabling code execution on the server. The issue is tied to feeding unsanitiz...

Code injection

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

CVE-2007-1998

Direct static code injection vulnerability in HIOX Guest Book HGB 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php...

Code injection

Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System NPDS 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php...

CVE-2007-1635

CVE-2007-1635 describes a static code injection in Net Portal Dynamic System (NPDS)

CVE-2007-1525

Direct static code injection vulnerability in postpost.php in Dayfox Blog dfblog 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...

Code injection

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...