High
CVE-2007-4761
Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is…
Tag: PHP
All CVEs associated with "PHP". Page 258/312 • 37334 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37334 CVEs for this tag (all time). In the last 365 days, 6058 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2007-09-08
High
CVE-2007-4763
PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHP…
Medium
CVE-2007-4764
Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this informati…
2007-09-06
Medium
CVE-2007-4744
PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_…
High
CVE-2007-4736
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
High
CVE-2007-4737
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) st…
High
CVE-2007-4738
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR par…
Low
CVE-2007-4741
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. N…
Medium
CVE-2007-4742
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an erro…
2007-09-05
Medium
CVE-2007-4711
Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a…
High
CVE-2007-4712
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
High
CVE-2007-4714
SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
High
CVE-2007-4715
Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php,…
Low
CVE-2007-4717
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/admin…
Medium
CVE-2007-4718
Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language paramet…
High
CVE-2007-4719
SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-4723
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a…
Medium
CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
2007-09-04
High
CVE-2007-4653
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search…
High
CVE-2007-4657
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a la…
High
CVE-2007-4658
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vu…
High
CVE-2007-4659
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vect…
High
CVE-2007-4660
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
High
CVE-2007-4661
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has un…
High
CVE-2007-4662
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
High
CVE-2007-4663
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
Medium
CVE-2007-4652
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
Medium
CVE-2007-3996
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH va…
High
CVE-2007-3997
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as d…
Medium
CVE-2007-3998
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error…
2007-08-31
High
CVE-2007-4636
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) int…
Medium
CVE-2007-4637
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.
Medium
CVE-2007-4640
Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action.
Medium
CVE-2007-4641
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demons…
Medium
CVE-2007-4645
SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2…
Medium
CVE-2007-4624
Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some o…
High
CVE-2007-4627
SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
High
CVE-2007-4628
SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Medium
CVE-2007-4602
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-4603
Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid paramet…
High
CVE-2007-4604
SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
High
CVE-2007-4605
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a d…
High
CVE-2007-4606
PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via…
High
CVE-2007-4608
PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter.
Medium
CVE-2007-4610
Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to con…
High
CVE-2007-4611
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.
Medium
CVE-2007-4612
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be…
2007-08-30
High
CVE-2007-4596
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerabil…
High
CVE-2007-4597
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action,…
2007-08-29
High
CVE-2007-4581
SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.
High
CVE-2007-4585
Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
High
CVE-2007-4586
Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as dem…
Medium
CVE-2007-4588
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or…
Medium
CVE-2007-4589
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTM…
2007-08-28
High
CVE-2007-4551
PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.
High
CVE-2007-4552
SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made…
Medium
CVE-2007-4554
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username paramet…
2007-08-27
Medium
CVE-2007-4544
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Use…
High
CVE-2007-4540
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP heade…
Medium
CVE-2007-4541
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php an…
2007-08-25
Medium
CVE-2007-4522
Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) i…
Low
CVE-2007-4523
Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following…
High
CVE-2007-4524
PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
High
CVE-2007-4525
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-…
High
CVE-2007-4527
Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of thi…
Medium
CVE-2007-4528
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and…
Medium
CVE-2007-4536
TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (…
2007-08-23
Medium
CVE-2007-4499
Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the prov…
High
CVE-2007-4502
SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.
High
CVE-2007-4503
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
Medium
CVE-2007-4504
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path para…
High
CVE-2007-4505
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
High
CVE-2007-4506
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an…
Medium
CVE-2007-4507
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getus…
High
CVE-2007-4509
SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a de…
High
CVE-2007-4491
SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
2007-08-22
Medium
CVE-2007-4480
Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
Medium
CVE-2007-4481
Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INF…
Medium
CVE-2007-4482
Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
Medium
CVE-2007-4483
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PH…
High
CVE-2007-4484
PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter.
Medium
CVE-2007-4485
PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote…
High
CVE-2007-4486
Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[them…
2007-08-21
High
CVE-2007-4456
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later…
Medium
CVE-2007-4457
Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter.
High
CVE-2007-4458
PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter.
Medium
CVE-2007-4453
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a)…
Medium
CVE-2007-4454
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::A…
High
CVE-2007-4439
PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably…
Medium
CVE-2007-4441
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the…
2007-08-20
High
CVE-2007-4435
Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.…
Medium
CVE-2007-4437
SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third part…
2007-08-18
Low
CVE-2007-4412
Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) tech…
Low
CVE-2007-4413
Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a…
Critical
CVE-2007-4416
captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes…
Critical
CVE-2007-4419
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to…
Critical
CVE-2007-4421
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
2007-08-17
Medium
CVE-2007-4386
SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter.
Medium
CVE-2007-4383
PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute thi…
Medium
CVE-2007-4384
Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex par…
2007-08-16
Medium
CVE-2007-4376
Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/.
2007-08-15
Medium
CVE-2007-4371
Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/.
Medium
CVE-2007-4359
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.ph…
Medium
CVE-2007-4362
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
2007-08-14
High
CVE-2007-4332
SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action.…
Medium
CVE-2007-4333
Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress,…
Medium
CVE-2007-4334
Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter.
Critical
CVE-2007-4338
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE…
High
CVE-2007-4339
Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter in (1) poll.php…
High
CVE-2007-4340
PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter.
High
CVE-2007-4341
PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
High
CVE-2007-4342
PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: a third…
High
CVE-2007-4320
PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
Medium
CVE-2007-4325
PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
Medium
CVE-2007-4326
Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) b…
Medium
CVE-2007-4327
Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) dat…
Medium
CVE-2007-4328
Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2…
Medium
CVE-2007-4329
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php,…
Medium
CVE-2007-4330
PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Medium
CVE-2007-4331
PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page…