High
CVE-2007-2677
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.ph…
Tag: Remote File Inclusion (RFI)
All CVEs associated with "Remote File Inclusion (RFI)". Page 15/26 • 3072 CVEs.
Subscribe CVEs: RSS for “Remote File Inclusion (RFI)” · RSS (High+Critical only)
About “Remote File Inclusion (RFI)”
A curated feed of “Remote File Inclusion (RFI)”-related CVEs appears below. We currently track 3072 CVEs for this tag (all time). In the last 365 days, 757 were published. Average CVSS is 7.5 (all time; 8.0 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), CWE-829 - Inclusion of Functionality from Untrusted Control Sphere.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2007-05-14
2007-05-13
Medium
CVE-2007-2634
PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL i…
2007-05-11
High
CVE-2007-2628
PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a UR…
High
CVE-2007-2620
PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter.
High
CVE-2007-2594
PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.
High
CVE-2007-2596
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
High
CVE-2007-2597
Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2)…
High
CVE-2007-2607
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
High
CVE-2007-2608
PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.
High
CVE-2007-2609
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php,…
Medium
CVE-2007-2611
Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3)…
High
CVE-2007-2614
PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter.
High
CVE-2007-2615
Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/d…
2007-05-09
High
CVE-2007-2569
Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.in…
High
CVE-2007-2570
PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter.
High
CVE-2007-2572
PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary P…
High
CVE-2007-2573
PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter.
High
CVE-2007-2575
PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the…
High
CVE-2007-2558
PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this…
High
CVE-2007-2559
Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, an…
High
CVE-2007-2540
Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/im…
High
CVE-2007-2541
PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.
High
CVE-2007-2542
PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
High
CVE-2007-2544
PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file pa…
High
CVE-2007-2545
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfi…
High
CVE-2007-2530
Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (…
High
CVE-2007-2531
PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.
2007-05-08
High
CVE-2007-2527
Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index…
High
CVE-2007-2521
PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.
2007-05-04
High
CVE-2007-2504
PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: th…
Critical
CVE-2007-2493
PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path paramet…
2007-05-03
Medium
CVE-2007-2481
PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PH…
Medium
CVE-2007-2484
PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary…
High
CVE-2007-2485
PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parame…
High
CVE-2007-2477
PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been dispute…
2007-05-02
High
CVE-2007-2474
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) inclu…
High
CVE-2007-2457
PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_pat…
High
CVE-2007-2458
Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.li…
High
CVE-2007-2460
PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT paramete…
High
CVE-2007-2456
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in…
Critical
CVE-2007-2422
Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter…
High
CVE-2007-2424
PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.
High
CVE-2007-2426
PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in…
High
CVE-2007-2428
Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter.
2007-05-01
High
CVE-2007-2411
PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this…
2007-04-30
High
CVE-2007-2358
Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c)…
High
CVE-2007-2364
Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgr…
2007-04-27
High
CVE-2007-2345
PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
High
CVE-2007-2346
Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2)…
High
CVE-2007-2347
PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path…
Medium
CVE-2007-2340
Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parame…
High
CVE-2007-2341
PHP remote file inclusion vulnerability in suite/index.php in phpBandManager 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.
Critical
CVE-2007-2325
PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
High
CVE-2007-2326
Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smar…
High
CVE-2007-2327
PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter.
High
CVE-2007-2328
PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter.
High
CVE-2007-2329
PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
High
CVE-2007-2330
PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
High
CVE-2007-2331
PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter.
2007-04-26
High
CVE-2007-2298
Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1)…
High
CVE-2007-2301
Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) lis…
High
CVE-2007-2302
PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter.
High
CVE-2007-2307
PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
High
CVE-2007-2311
PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has be…
High
CVE-2007-2313
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
High
CVE-2007-2317
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code vi…
Medium
CVE-2007-2319
PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to…
High
CVE-2007-2286
PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter.
High
CVE-2007-2287
PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
High
CVE-2007-2288
PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
High
CVE-2007-2289
PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a…
High
CVE-2007-2290
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.…
2007-04-25
High
CVE-2007-2272
PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir…
High
CVE-2007-2273
PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.
High
CVE-2007-2278
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the…
High
CVE-2007-2254
PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir pa…
High
CVE-2007-2255
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path…
High
CVE-2007-2257
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
High
CVE-2007-2258
PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
High
CVE-2007-2260
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) so…
High
CVE-2007-2261
PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter…
High
CVE-2007-2262
Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters…
2007-04-24
Medium
CVE-2007-2199
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joo…
High
CVE-2007-2201
Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) them…
Medium
CVE-2007-2202
PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbi…
High
CVE-2007-2204
Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mys…
High
CVE-2007-2205
PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _L…
High
CVE-2007-2208
Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php…
Medium
CVE-2007-2181
PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a d…
Medium
CVE-2007-2185
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) adm…
Medium
CVE-2007-2189
PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in…
Medium
CVE-2007-2190
PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.
Medium
CVE-2007-2196
PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosCo…
2007-04-22
Medium
CVE-2007-2166
PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgP…
2007-04-19
High
CVE-2007-2140
PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
High
CVE-2007-2142
Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.…
High
CVE-2007-2143
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Medium
CVE-2007-2144
PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in…
High
CVE-2007-2154
PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder p…
High
CVE-2007-2156
Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) foo…
High
CVE-2007-2158
PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter.
2007-04-18
Medium
CVE-2006-7194
PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL…
Medium
CVE-2007-2084
PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) po…
Medium
CVE-2007-2086
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/.
Medium
CVE-2007-2087
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in…
High
CVE-2007-2088
Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2)…
Medium
CVE-2007-2089
Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the…
High
CVE-2007-2091
PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code…
High
CVE-2007-2094
PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter.
High
CVE-2007-2095
PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498.
High
CVE-2007-2096
PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path p…
High
CVE-2007-2097
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or…
High
CVE-2007-2103
Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.…
High
CVE-2007-2064
Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB…
High
CVE-2007-2065
PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER paramete…
High
CVE-2007-2067
Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) i…
Medium
CVE-2007-2068
Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/busin…
High
CVE-2007-2070
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to…
High
CVE-2007-2072
PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disput…
High
CVE-2007-2073
PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session.