Vulnerabilities (CVE)

Filtered by CWE-94
Total 3151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4009 1 Parallels 1 Confixx 2024-02-14 9.3 HIGH N/A
PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
CVE-2021-25877 1 Youphptube 1 Youphptube 2024-02-14 9.0 HIGH 7.2 HIGH
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
CVE-2012-0693 1 Whmcs 1 Whmcompletesolution 2024-02-14 5.0 MEDIUM N/A
submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong.
CVE-2006-5043 2 Joomla, Joomlaboard 2 Joomla\!, Joomlaboard 2024-02-14 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.
CVE-2018-14399 1 Phpcms Project 1 Phpcms 2024-02-14 7.5 HIGH 9.8 CRITICAL
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.
CVE-2022-36262 1 Taogogo 1 Taocms 2024-02-14 N/A 9.8 CRITICAL
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
CVE-2007-2458 1 Pixaria 1 Pixaria Gallery 2024-02-14 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457.
CVE-2009-4094 2 Designforjoomla, Joomla 2 Com Ezine, Joomla\! 2024-02-14 7.5 HIGH N/A
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter.
CVE-2022-25578 1 Taogogo 1 Taocms 2024-02-14 7.5 HIGH 9.8 CRITICAL
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
CVE-2006-6740 1 Phpprofiles 1 Phpprofiles 2024-02-14 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5234 1 Ossigeno 1 Ossigeno 2024-02-14 7.5 HIGH N/A
PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter.
CVE-2013-6795 1 Rackspace 1 Openstack Windows Guest Agent 2024-02-14 9.3 HIGH N/A
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary.
CVE-2008-5694 1 Sandbox 1 Sandbox 2024-02-14 10.0 HIGH N/A
PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.
CVE-2008-1760 1 Blogator-script 1 Blogator-script 2024-02-14 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
CVE-2006-3395 1 Webdesignhq 1 Sitebuilder-fx 2024-02-14 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.
CVE-2006-2395 1 Popsoft Digital 1 Popphoto 2024-02-14 5.0 MEDIUM N/A
PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update."
CVE-2002-0495 1 Cgiscript 1 Cssearch Professional 2024-02-13 10.0 HIGH N/A
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
CVE-2005-1876 1 Cutephp 1 Cutenews 2024-02-13 4.4 MEDIUM N/A
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
CVE-2005-1894 1 Flatnuke 1 Flatnuke 2024-02-13 7.5 HIGH N/A
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
CVE-2003-0395 1 Myupb 1 Ultimate Php Board 2024-02-13 7.5 HIGH N/A
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.