Medium
CVE-2008-2224
Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_di…
Tag: Remote File Inclusion (RFI)
All CVEs associated with "Remote File Inclusion (RFI)". Page 12/26 • 3072 CVEs.
Subscribe CVEs: RSS for “Remote File Inclusion (RFI)” · RSS (High+Critical only)
About “Remote File Inclusion (RFI)”
A curated feed of “Remote File Inclusion (RFI)”-related CVEs appears below. We currently track 3072 CVEs for this tag (all time). In the last 365 days, 757 were published. Average CVSS is 7.5 (all time; 8.0 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), CWE-829 - Inclusion of Functionality from Untrusted Control Sphere.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2008-05-14
Critical
CVE-2008-2228
PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code…
High
CVE-2008-2193
PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
Medium
CVE-2008-2198
PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code…
Medium
CVE-2008-2199
PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a…
2008-05-09
High
CVE-2008-2128
PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vuln…
2008-05-05
High
CVE-2008-2074
Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sys…
2008-04-30
High
CVE-2008-2016
PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default U…
2008-04-27
Critical
CVE-2008-1989
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a…
2008-04-25
High
CVE-2008-1963
PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter.
2008-04-22
High
CVE-2008-1903
PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the new…
2008-04-18
High
CVE-2008-1893
PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter.
2008-04-17
Medium
CVE-2008-1862
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables…
Medium
CVE-2008-1876
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter.
2008-04-14
Medium
CVE-2008-1773
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Medium
CVE-2008-1776
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.
2008-04-12
Medium
CVE-2008-1760
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2…
2008-04-09
High
CVE-2008-1712
PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
2008-04-04
Medium
CVE-2008-1682
PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP cod…
2008-04-02
Medium
CVE-2008-1622
Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. N…
2008-04-01
Medium
CVE-2008-1609
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum…
2008-03-28
Medium
CVE-2008-1537
Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page p…
2008-03-25
Critical
CVE-2008-1511
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and…
High
CVE-2008-1505
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpa…
2008-03-24
High
CVE-2008-1466
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.…
2008-03-20
Medium
CVE-2008-1405
PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.
Medium
CVE-2008-1416
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) me…
2008-03-18
Medium
CVE-2008-1370
PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this info…
2008-03-05
Medium
CVE-2008-1170
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
Medium
CVE-2008-1171
Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123fla…
2008-03-03
Medium
CVE-2008-1128
PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Medium
CVE-2008-1123
Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) f…
Medium
CVE-2008-1124
Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) compo…
Medium
CVE-2008-1126
PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter.
2008-02-29
Medium
CVE-2008-1074
PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.
2008-02-28
Medium
CVE-2008-1067
Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/up…
Medium
CVE-2008-1068
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.p…
Medium
CVE-2008-1069
Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_reques…
High
CVE-2008-1059
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the lib…
2008-02-27
Medium
CVE-2008-1038
PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter.
High
CVE-2008-1043
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu…
Medium
CVE-2008-1046
PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.
Medium
CVE-2008-1051
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
2008-02-19
Medium
CVE-2008-0804
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
2008-02-15
High
CVE-2008-0803
Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\cl…
2008-02-13
Critical
CVE-2008-0743
PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.
2008-02-07
High
CVE-2008-0645
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.p…
Medium
CVE-2008-0648
Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; an…
2008-02-05
Medium
CVE-2008-0566
PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_pro…
High
CVE-2008-0567
Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mo…
Medium
CVE-2008-0572
Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php;…
2008-02-04
Medium
CVE-2008-0560
PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm paramet…
2008-01-31
High
CVE-2008-0502
PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templat…
Critical
CVE-2008-0516
PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the prove…
2008-01-25
High
CVE-2008-0442
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CV…
High
CVE-2008-0448
PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter.
High
CVE-2008-0450
Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DI…
2008-01-23
Medium
CVE-2008-0423
Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.ph…
High
CVE-2008-0433
PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loa…
2008-01-22
Medium
CVE-2008-0376
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.
2008-01-16
Medium
CVE-2008-0287
PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.
Medium
CVE-2008-0289
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE:…
2008-01-15
Medium
CVE-2008-0283
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
2008-01-11
High
CVE-2008-0230
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.
High
CVE-2008-0231
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme we…
2008-01-08
High
CVE-2008-0137
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
Medium
CVE-2008-0138
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code vi…
High
CVE-2008-0143
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in…
High
CVE-2008-0144
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be levera…
2008-01-04
High
CVE-2007-6649
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
High
CVE-2007-6655
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
High
CVE-2007-6657
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_roo…
2008-01-03
Medium
CVE-2007-6614
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter,…
2007-12-28
High
CVE-2007-6568
PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape paramet…
Medium
CVE-2007-6585
PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.
Medium
CVE-2007-6553
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.clas…
Critical
CVE-2007-6555
PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL i…
2007-12-27
High
CVE-2007-6542
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
2007-12-20
High
CVE-2007-6485
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php o…
Medium
CVE-2007-6488
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php o…
Medium
CVE-2007-6464
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) c…
2007-12-14
Medium
CVE-2007-6348
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, whi…
2007-12-13
Medium
CVE-2007-6347
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute…
Medium
CVE-2007-6324
PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
Medium
CVE-2007-6325
PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a d…
2007-12-10
Medium
CVE-2007-6289
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang…
Medium
CVE-2007-6296
PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.
2007-12-04
High
CVE-2007-6229
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path…
High
CVE-2007-6231
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statis…
Medium
CVE-2007-6233
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in so…
Medium
CVE-2007-6218
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b)…
2007-11-30
Medium
CVE-2007-6191
Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incp…
High
CVE-2007-6177
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
High
CVE-2007-6178
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir par…
High
CVE-2007-6179
Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2)…
2007-11-27
Medium
CVE-2007-6133
PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path param…
Medium
CVE-2007-6139
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
Medium
CVE-2007-6147
Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_pa…
2007-11-26
Medium
CVE-2007-6129
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.…
2007-11-23
Medium
CVE-2007-6105
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php…
2007-11-22
Critical
CVE-2007-6088
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path par…
Critical
CVE-2007-6089
PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
2007-11-20
Medium
CVE-2007-6057
PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg paramete…
Medium
CVE-2007-6042
PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the…
Medium
CVE-2007-6038
PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_a…
Medium
CVE-2007-6027
PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a UR…
2007-11-15
Medium
CVE-2007-5994
PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a…
Medium
CVE-2007-5995
PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.
2007-11-08
Critical
CVE-2007-5889
Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php…
2007-11-06
Medium
CVE-2007-5840
PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter,…
Medium
CVE-2007-5841
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
Medium
CVE-2007-5842
Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or…
Medium
CVE-2007-5843
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
High
CVE-2007-5844
Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NO…
2007-11-03
Medium
CVE-2007-5800
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_pa…
2007-11-01
Medium
CVE-2007-5780
PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
Medium
CVE-2007-5781
PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.
Medium
CVE-2007-5784
PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
High
CVE-2007-5786
Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe…
2007-10-31
Medium
CVE-2007-5754
PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter.