Total
3192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2498 | 2 Debian, Gggeek | 2 Debian Linux, Phpxmlrpc | 2024-02-14 | 7.5 HIGH | N/A |
| Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | |||||
| CVE-2005-1921 | 5 Debian, Drupal, Gggeek and 2 more | 5 Debian Linux, Drupal, Phpxmlrpc and 2 more | 2024-02-14 | 7.5 HIGH | N/A |
| Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. | |||||
| CVE-2011-5021 | 1 Phpids | 1 Phpids | 2024-02-14 | 7.5 HIGH | N/A |
| PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors. | |||||
| CVE-2006-1688 | 1 Squery | 1 Squery | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled. | |||||
| CVE-2011-4342 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter. | |||||
| CVE-2007-4009 | 1 Parallels | 1 Confixx | 2024-02-14 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter. | |||||
| CVE-2021-25877 | 1 Youphptube | 1 Youphptube | 2024-02-14 | 9.0 HIGH | 7.2 HIGH |
| AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. | |||||
| CVE-2006-5043 | 2 Joomla, Joomlaboard | 2 Joomla\!, Joomlaboard | 2024-02-14 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528. | |||||
| CVE-2018-14399 | 1 Phpcms Project | 1 Phpcms | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI. | |||||
| CVE-2022-36262 | 1 Taogogo | 1 Taocms | 2024-02-14 | N/A | 9.8 CRITICAL |
| An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. | |||||
| CVE-2007-2458 | 1 Pixaria | 1 Pixaria Gallery | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457. | |||||
| CVE-2009-4094 | 2 Designforjoomla, Joomla | 2 Com Ezine, Joomla\! | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter. | |||||
| CVE-2022-25578 | 1 Taogogo | 1 Taocms | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | |||||
| CVE-2006-6740 | 1 Phpprofiles | 1 Phpprofiles | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5234 | 1 Ossigeno | 1 Ossigeno | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter. | |||||
| CVE-2013-6795 | 1 Rackspace | 1 Openstack Windows Guest Agent | 2024-02-14 | 9.3 HIGH | N/A |
| The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary. | |||||
| CVE-2008-5694 | 1 Sandbox | 1 Sandbox | 2024-02-14 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox. | |||||
| CVE-2008-1760 | 1 Blogator-script | 1 Blogator-script | 2024-02-14 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include. | |||||
| CVE-2006-3395 | 1 Webdesignhq | 1 Sitebuilder-fx | 2024-02-14 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter. | |||||
| CVE-2006-2395 | 1 Popsoft Digital | 1 Popphoto | 2024-02-14 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update." | |||||