Medium
CVE-2007-2716
Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) sta…
Tag: PHP
All CVEs associated with "PHP". Page 263/312 • 37334 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37334 CVEs for this tag (all time). In the last 365 days, 6058 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2007-05-16
High
CVE-2007-2717
SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.
Medium
CVE-2007-2720
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules…
High
CVE-2007-2706
PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html…
Medium
CVE-2007-2707
PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed paramete…
High
CVE-2007-2708
PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
High
CVE-2007-2709
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter.
High
CVE-2007-2710
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter.…
Critical
CVE-2007-2714
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.
Critical
CVE-2007-2715
Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
2007-05-15
Medium
CVE-2007-2679
PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file p…
High
CVE-2007-2681
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
2007-05-14
Medium
CVE-2007-2659
Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the d…
Medium
CVE-2007-2660
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows…
High
CVE-2007-2663
PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter.
High
CVE-2007-2664
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to…
High
CVE-2007-2665
PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.
Medium
CVE-2007-2669
Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.ph…
Medium
CVE-2007-2670
PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.
High
CVE-2007-2672
SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page.
High
CVE-2007-2673
SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter i…
High
CVE-2007-2674
SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter.
High
CVE-2007-2675
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
High
CVE-2007-2676
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.
High
CVE-2007-2677
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.ph…
Medium
CVE-2007-0689
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers…
Medium
CVE-2007-1901
SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b)…
Medium
CVE-2007-1902
Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b)…
Low
CVE-2007-1903
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.
Medium
CVE-2007-2647
Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gad…
2007-05-13
Medium
CVE-2007-2632
Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to…
Medium
CVE-2007-2634
PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL i…
Medium
CVE-2007-2636
Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist…
High
CVE-2007-2642
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.
Medium
CVE-2007-2643
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
2007-05-11
Medium
CVE-2007-2624
Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly…
Medium
CVE-2007-2625
Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unsp…
High
CVE-2007-2626
SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, bec…
Medium
CVE-2007-2627
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the quer…
High
CVE-2007-2628
PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a UR…
Medium
CVE-2007-2630
Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly o…
Medium
CVE-2007-2618
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parame…
High
CVE-2007-2620
PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter.
High
CVE-2007-2621
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
High
CVE-2007-2622
Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter t…
High
CVE-2007-2594
PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.
High
CVE-2007-2596
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
High
CVE-2007-2597
Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2)…
Critical
CVE-2007-2598
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
High
CVE-2007-2599
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCa…
Medium
CVE-2007-2600
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile paramet…
High
CVE-2007-2607
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
High
CVE-2007-2608
PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.
High
CVE-2007-2609
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php,…
Medium
CVE-2007-2611
Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3)…
High
CVE-2007-2612
SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only…
High
CVE-2007-2614
PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter.
High
CVE-2007-2615
Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/d…
Medium
CVE-2007-2589
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute…
2007-05-09
High
CVE-2007-2569
Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.in…
High
CVE-2007-2570
PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter.
High
CVE-2007-2571
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
High
CVE-2007-2572
PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary P…
High
CVE-2007-2573
PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter.
Medium
CVE-2007-2574
Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.
High
CVE-2007-2575
PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the…
High
CVE-2007-2577
Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/lis…
High
CVE-2007-2578
Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parame…
Medium
CVE-2007-2579
Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the…
High
CVE-2006-7202
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
High
CVE-2007-2558
PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this…
High
CVE-2007-2559
Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, an…
Medium
CVE-2007-2560
Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.
Medium
CVE-2007-2562
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
Medium
CVE-2007-0605
Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.
High
CVE-2007-0608
Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2…
Medium
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (…
Medium
CVE-2007-2547
Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
Medium
CVE-2007-2548
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."
High
CVE-2007-2549
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.
Medium
CVE-2007-2550
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie…
Medium
CVE-2007-2551
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
Medium
CVE-2007-2537
Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the…
High
CVE-2007-2538
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.
High
CVE-2007-2540
Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/im…
High
CVE-2007-2541
PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.
High
CVE-2007-2542
PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
High
CVE-2007-2543
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
High
CVE-2007-2544
PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file pa…
High
CVE-2007-2545
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfi…
High
CVE-2007-1864
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
Low
CVE-2007-2509
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earl…
Medium
CVE-2007-2510
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
High
CVE-2007-2511
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
High
CVE-2007-2530
Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (…
High
CVE-2007-2531
PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.
Medium
CVE-2007-2532
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to…
Critical
CVE-2007-2534
Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a log…
2007-05-08
High
CVE-2007-2527
Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index…
High
CVE-2007-2521
PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.
2007-05-04
Critical
CVE-2007-2503
Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] paramet…
High
CVE-2007-2504
PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: th…
High
CVE-2007-2507
Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter.
High
CVE-2007-2492
SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action.
Critical
CVE-2007-2493
PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path paramet…
Medium
CVE-2007-2499
Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s param…
2007-05-03
Medium
CVE-2007-2481
PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PH…
Medium
CVE-2007-2482
Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitr…
Medium
CVE-2007-2483
Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbi…
Medium
CVE-2007-2484
PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary…
High
CVE-2007-2485
PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parame…
High
CVE-2007-2477
PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been dispute…
2007-05-02
High
CVE-2007-2469
SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
Medium
CVE-2007-2470
Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) module, or (3) section…
Medium
CVE-2007-2471
Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter.
Medium
CVE-2007-2472
Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. NOTE: the provenance of…
High
CVE-2007-2473
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
High
CVE-2007-2474
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) inclu…
High
CVE-2007-2457
PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_pat…
High
CVE-2007-2458
Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.li…