Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5772 1 Flatnuke3 1 Flatnuke3 2025-04-09 N/A
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.
CVE-2006-5390 1 Phpbb 1 Acp User Registration Module 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-5410 2 Joomla, Webmaster-tips 2 Joomla, Flash Rss Reader 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5412 1 Quoc-huy 1 Mp3 Allopass 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php.
CVE-2006-5258 1 Asbru Software 2 Asbru Web Content Management, Asbru Website Manager 2025-04-09 N/A
The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked.
CVE-2009-4223 1 Gianni Tommasi 1 Kr-php Web Content Server 2025-04-09 N/A
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
CVE-2007-5705 1 Jeeblestechnology 1 Jeebles Directory 2025-04-09 N/A
Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5453 1 Php-stats 1 Php-stats 2025-04-09 N/A
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.
CVE-2007-5457 2 Joomla, Michael Dempfle 2 Joomla, Joomla Flash Uploader 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
CVE-2006-5191 1 Phpbb 1 Phpbb 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-5423 1 Tiki 1 Tikiwiki Cms\/groupware 2025-04-09 N/A
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
CVE-2007-5298 1 Creamotion 1 Creamotion 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.
CVE-2007-4806 1 Focus Sis 1 Focus Sis 2025-04-09 N/A
PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter.
CVE-2008-0450 1 Blog Cms 1 Blog Cms 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.
CVE-2008-6531 1 Atlassian 1 Jira 2025-04-09 N/A
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
CVE-2009-1088 1 Hannonhill 1 Cascade 2025-04-09 N/A
Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime.
CVE-2008-2772 1 Drupal 1 Magic Tabs Module 2025-04-09 N/A
The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."
CVE-2008-6251 1 Scripts 1 Phpfan 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
CVE-2008-6305 1 Freedirectoryscript 1 Free Directory Script 2025-04-09 N/A
PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter.
CVE-2006-7127 1 Salims Softhouse 1 Jaf Cms 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.