Total
28647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2660 | 2 Cjg Explorer Pro, Vincent Blavet | 2 Cjg Explorer Pro, Phpconcept Library | 2024-04-11 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199 | |||||
CVE-2007-2626 | 1 Free Php Scripts | 1 Schoolboard | 2024-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries | |||||
CVE-2007-2558 | 1 Netsliver | 1 Pfa Cms | 2024-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use | |||||
CVE-2007-2534 | 1 Phphoo3 | 1 Phphoo3 | 2024-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use | |||||
CVE-2007-2504 | 1 Php Turbulence | 1 Php Turbulence | 2024-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion | |||||
CVE-2007-2503 | 1 Php Turbulence | 1 Php Turbulence | 2024-04-11 | 10.0 HIGH | N/A |
Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion | |||||
CVE-2007-2477 | 1 Phpmychat | 1 Phpmychat | 2024-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value | |||||
CVE-2007-2422 | 1 Comdev | 1 Modules Builder | 2024-04-11 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string | |||||
CVE-2007-2412 | 1 Seir Anphin | 1 Seir Anphin | 2024-04-11 | 7.8 HIGH | N/A |
Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use | |||||
CVE-2007-2411 | 1 Sphider | 1 Sphider | 2024-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue. | |||||
CVE-2007-2358 | 1 B2evolution | 1 B2evolution | 2024-04-11 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used | |||||
CVE-2007-2311 | 1 Bloofoxcms | 1 Bloofoxcms | 2024-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use | |||||
CVE-2007-2196 | 2 Joomla, Mambo | 2 Jambook, Jambook | 2024-04-11 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request | |||||
CVE-2007-2097 | 1 Openconcept | 1 Back-end Cms | 2024-04-11 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php, (16) tpl_upload.php, (17) linksections, or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076. NOTE: this issue is disputed by a third party, who states that $includes_path is defined before use | |||||
CVE-2007-2078 | 1 Maian | 1 Weblog | 2024-04-11 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use | |||||
CVE-2007-2072 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2024-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use | |||||
CVE-2007-2020 | 1 Xodagallery | 1 Xodagallery | 2024-04-11 | 7.5 HIGH | N/A |
Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion | |||||
CVE-2007-1987 | 1 Phpecho Cms | 1 Phpecho Cms | 2024-04-11 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use | |||||
CVE-2007-1976 | 1 Xoops | 1 Xoops Virii Info Module | 2024-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack | |||||
CVE-2007-1972 | 1 Bmc | 1 Performance Manager | 2024-04-11 | 7.5 HIGH | N/A |
PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured |