High
CVE-2006-6018
PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector tha…
Tag: PHP
All CVEs associated with "PHP". Page 275/312 • 37332 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37332 CVEs for this tag (all time). In the last 365 days, 6068 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2006-11-21
Medium
CVE-2006-6019
Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Medium
CVE-2006-6020
Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.
High
CVE-2006-6023
PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issu…
Medium
CVE-2006-6028
Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter.
Medium
CVE-2006-6032
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_bl…
High
CVE-2006-6033
Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. (dot dot) s…
2006-11-20
Medium
CVE-2006-5985
Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) b…
Medium
CVE-2006-5986
admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined w…
2006-11-17
High
CVE-2006-5948
PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.
High
CVE-2006-5951
PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
2006-11-16
High
CVE-2006-5926
Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details…
High
CVE-2006-5928
Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php,…
High
CVE-2006-5929
PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the proven…
High
CVE-2006-5930
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR para…
Medium
CVE-2006-5931
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code vi…
High
CVE-2006-5935
SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter.
2006-11-15
Medium
CVE-2006-5897
Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) color…
High
CVE-2006-5899
PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been dispu…
Medium
CVE-2006-5900
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web scrip…
High
CVE-2006-5904
Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.ph…
Medium
CVE-2006-5905
Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/option…
High
CVE-2006-5906
PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary…
High
CVE-2006-5907
SQL injection vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary SQL commands…
High
CVE-2006-5908
Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL com…
Medium
CVE-2006-5909
generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or…
High
CVE-2006-5910
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreport…
High
CVE-2006-5911
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (…
High
CVE-2006-5914
SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_…
Medium
CVE-2006-5915
Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_…
High
CVE-2006-5917
Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) artic…
High
CVE-2006-5918
Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Down…
High
CVE-2006-5919
PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit…
High
CVE-2006-5920
PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus dispu…
Medium
CVE-2006-5921
Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment field…
Medium
CVE-2006-5922
index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.
High
CVE-2006-5923
PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the…
Medium
CVE-2006-5924
Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenanc…
2006-11-14
High
CVE-2006-5889
SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2006-5893
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and…
Medium
CVE-2006-5894
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) i…
High
CVE-2006-5895
PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
2006-11-11
High
CVE-2006-5863
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
High
CVE-2006-5865
PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter.
Medium
CVE-2006-5866
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.
2006-11-10
High
CVE-2006-5839
PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter.
High
CVE-2006-5841
Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosma…
Medium
CVE-2006-5843
Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.
Medium
CVE-2006-5844
Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php w…
Medium
CVE-2006-5845
Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.
Medium
CVE-2006-5846
Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vecto…
Medium
CVE-2006-5847
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
High
CVE-2006-5849
PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter.
High
CVE-2006-5840
Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to sl…
Medium
CVE-2006-5825
Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string.
Medium
CVE-2006-5827
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) passwo…
High
CVE-2006-5828
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
Medium
CVE-2006-5829
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) c…
Medium
CVE-2006-5830
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid,…
High
CVE-2006-5831
PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_pag…
Medium
CVE-2006-5832
All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aio…
High
CVE-2006-5833
gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary c…
Medium
CVE-2006-5834
Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter.
High
CVE-2006-5837
Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg para…
Medium
CVE-2006-5838
PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via th…
2006-11-08
Medium
CVE-2006-5810
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
Medium
CVE-2006-5811
PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[…
High
CVE-2006-5816
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin paramete…
High
CVE-2006-5795
Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir paramet…
High
CVE-2006-5796
Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in t…
High
CVE-2006-5802
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2006-5803
PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module…
High
CVE-2006-5804
PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
2006-11-07
High
CVE-2006-5786
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie coo…
High
CVE-2006-5787
admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/…
High
CVE-2006-5788
PHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter.
Medium
CVE-2006-5651
list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message.
High
CVE-2006-5776
Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE:…
High
CVE-2006-5777
Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php…
2006-11-06
High
CVE-2006-5760
Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2)…
Medium
CVE-2006-5761
Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter.
Medium
CVE-2006-5762
PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: t…
Medium
CVE-2006-5763
Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in…
High
CVE-2006-5764
PHP remote file inclusion vulnerability in contact.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the p…
High
CVE-2006-5765
SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
High
CVE-2006-5766
PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter.
Medium
CVE-2006-5767
PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.
High
CVE-2006-5768
Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parame…
Medium
CVE-2006-5770
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a)…
High
CVE-2006-5772
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.
Medium
CVE-2006-5773
Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action par…
Medium
CVE-2006-5775
Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name par…
Medium
CVE-2006-5759
index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error m…
Medium
CVE-2006-5730
PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via…
Medium
CVE-2006-5731
Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] p…
Medium
CVE-2006-5732
SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.
High
CVE-2006-5733
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie…
High
CVE-2006-5734
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.…
High
CVE-2006-5735
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parame…
Medium
CVE-2006-5736
SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_li…
High
CVE-2006-5739
PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_r…
Medium
CVE-2006-5727
PHP remote file inclusion vulnerability in admin/controls/cart.php in sazcart 1.5 allows remote attackers to execute arbitrary PHP code via the (1) _saz[settings][shippingfolder] and (2) _saz[setting…
2006-11-04
Medium
CVE-2006-5702
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-ar…
Medium
CVE-2006-5703
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demon…
Medium
CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequen…
High
CVE-2006-5706
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2…
High
CVE-2006-5707
SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Medium
CVE-2006-5716
Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is no…
Medium
CVE-2006-5717
Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified paramete…
Medium
CVE-2006-5718
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, whic…
High
CVE-2006-5719
SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue t…
High
CVE-2006-5720
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat p…
Medium
CVE-2006-5722
Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parame…
High
CVE-2006-5465
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
2006-11-03
Critical
CVE-2006-5678
PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other pro…
Medium
CVE-2006-5676
SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter.
High
CVE-2006-5665
PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_r…
High
CVE-2006-5666
SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from th…
High
CVE-2006-5667
Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.ph…
High
CVE-2006-5669
PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL…