CVE Daily
← All tags

Tag: PHP

All CVEs associated with "PHP". Page 271/312 • 37332 CVEs.

Subscribe CVEs: RSS for “PHP”  ·  RSS (High+Critical only)

About “PHP”

A curated feed of “PHP”-related CVEs appears below. We currently track 37332 CVEs for this tag (all time). In the last 365 days, 6068 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-01-30
High

CVE-2007-0570

PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0571

PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0572

PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0573

PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0574

SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines par…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0576

PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0577

PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0580

PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0581

PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0584

PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the inclu…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-0585

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are o…

CVSS: 9.3 CWE: N/A View on NVD
High

CVE-2007-0558

PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0559

PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0561

Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admi…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-29
Medium

CVE-2006-6965

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-0542

Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-0544

Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vecto…

CVSS: 6.0 CWE: N/A View on NVD
Medium

CVE-2007-0549

Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-0550

Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0551

Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][im…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0553

Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url pa…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6957

PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2006-6958

Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) r…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2006-6962

PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolu…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2006-6963

Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.def…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-26
High

CVE-2007-0517

Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0518

Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2007-0519

Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2007-0520

SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2007-0526

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/lis…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-0527

SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie p…

CVSS: 6.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2007-0529

Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2007-0530

Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) adden…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0531

PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0532

Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-0535

Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, wh…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-0504

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2007-0508

PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0511

Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.ph…

CVSS: 6.8 CWE: N/A View on NVD
2007-01-25
Critical

CVE-2007-0495

PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-0496

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2007-0497

PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir param…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0498

PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0499

PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2007-0500

PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0501

PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2007-0502

SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0477

Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attac…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-0483

Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: T…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0484

Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0485

PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0486

Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/l…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2007-0487

PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by t…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0489

PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-0490

index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-0491

PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different v…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0492

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The pr…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-24
High

CVE-2007-0471

sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to b…

CVSS: 7.5 CWE: CWE-264 View on NVD
2007-01-23
Medium

CVE-2006-6951

Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 6.8 CWE: N/A View on NVD
2007-01-22
Medium

CVE-2007-0399

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient o…

CVSS: 6.0 CWE: N/A View on NVD
Medium

CVE-2007-0400

Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0401

SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0402

Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username para…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0403

SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

CVSS: 7.5 CWE: N/A View on NVD
2007-01-19
High

CVE-2006-6945

SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id para…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0370

Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0372

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_c…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0373

Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plu…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-0375

Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentica…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-0377

Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/ta…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0382

Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via t…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0385

The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2007-0387

SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0388

SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0390

Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0395

PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0364

Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) sugges…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-6942

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2007-0350

Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2007-0353

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0354

SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0359

PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0360

PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0361

PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0363

Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6941

index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-0349

Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.

CVSS: 5.0 CWE: N/A View on NVD
2007-01-18
Medium

CVE-2007-0329

download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: th…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-0335

Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1)…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0337

Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demo…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0339

SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: s…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0340

SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0346

SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0300

PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-0301

PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0307

PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0309

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0314

Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.p…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0316

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1)…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-17
Medium

CVE-2007-0298

PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-6938

Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.

CVSS: 5.0 CWE: N/A View on NVD
2007-01-16
Medium

CVE-2006-6934

Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2006-6935

SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0249

Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-0250

index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-0258

Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0260

PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third part…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-0261

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an ad…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2006-6487

Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the err…

CVSS: 5.1 CWE: N/A View on NVD
2007-01-13
High

CVE-2006-6923

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-6924

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-6925

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an art…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0223

SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0230

PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties disp…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2007-0232

PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-0233

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-12
High

CVE-2007-0182

Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_passw…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0186

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue,…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0189

PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this…

CVSS: 7.5 CWE: N/A View on NVD