High
CVE-2006-6958
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) r…
Tag: Remote File Inclusion (RFI)
All CVEs associated with "Remote File Inclusion (RFI)". Page 18/26 • 3072 CVEs.
Subscribe CVEs: RSS for “Remote File Inclusion (RFI)” · RSS (High+Critical only)
About “Remote File Inclusion (RFI)”
A curated feed of “Remote File Inclusion (RFI)”-related CVEs appears below. We currently track 3072 CVEs for this tag (all time). In the last 365 days, 757 were published. Average CVSS is 7.5 (all time; 8.0 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), CWE-829 - Inclusion of Functionality from Untrusted Control Sphere.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2007-01-29
Medium
CVE-2006-6962
PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolu…
High
CVE-2006-6963
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.def…
2007-01-26
High
CVE-2007-0530
Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) adden…
High
CVE-2007-0531
PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
High
CVE-2007-0508
PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.
Medium
CVE-2007-0511
Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.ph…
2007-01-25
Critical
CVE-2007-0495
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
Critical
CVE-2007-0496
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
Medium
CVE-2007-0497
PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir param…
High
CVE-2007-0498
PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.
Medium
CVE-2007-0499
PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
High
CVE-2007-0500
PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
Medium
CVE-2007-0501
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via…
High
CVE-2007-0485
PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.
High
CVE-2007-0486
Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/l…
High
CVE-2007-0487
PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by t…
Medium
CVE-2007-0489
PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig…
Medium
CVE-2007-0491
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different v…
2007-01-19
High
CVE-2007-0395
PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
High
CVE-2007-0359
PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
High
CVE-2007-0360
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
High
CVE-2007-0361
PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.
2007-01-18
Medium
CVE-2007-0300
PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
Medium
CVE-2007-0301
PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
High
CVE-2007-0307
PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.
High
CVE-2007-0314
Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.p…
2007-01-17
Medium
CVE-2007-0298
PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.
2007-01-16
High
CVE-2007-0260
PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third part…
2007-01-13
High
CVE-2007-0230
PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties disp…
High
CVE-2007-0232
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.
2007-01-12
High
CVE-2007-0182
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_passw…
High
CVE-2007-0189
PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this…
High
CVE-2007-0190
PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
2007-01-11
High
CVE-2007-0200
PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiom…
High
CVE-2007-0181
PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] paramet…
High
CVE-2007-0170
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
High
CVE-2007-0171
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.
High
CVE-2007-0172
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php…
High
CVE-2007-0178
PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
2007-01-09
Medium
CVE-2007-0143
Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2…
High
CVE-2007-0145
PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector tha…
High
CVE-2007-0150
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
Medium
CVE-2007-0135
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in t…
2007-01-04
High
CVE-2007-0050
PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed…
2006-12-31
High
CVE-2006-6830
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
High
CVE-2006-6843
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance…
High
CVE-2006-6850
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root p…
Critical
CVE-2006-6863
PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE…
Critical
CVE-2006-6864
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
High
CVE-2006-6867
Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter…
High
CVE-2006-6883
PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, si…
2006-12-29
High
CVE-2006-6809
Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via…
High
CVE-2006-6812
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or…
High
CVE-2006-6823
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
2006-12-28
Medium
CVE-2006-6800
PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
Medium
CVE-2006-6801
PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.
High
CVE-2006-6788
Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php.
High
CVE-2006-6789
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
High
CVE-2006-6793
PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
High
CVE-2006-6795
PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepa…
Medium
CVE-2006-6796
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
2006-12-27
Medium
CVE-2006-6770
Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the in…
Medium
CVE-2006-6771
Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS…
Medium
CVE-2006-6774
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the…
High
CVE-2006-6763
Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) a…
Medium
CVE-2006-6764
PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in th…
High
CVE-2006-6760
Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPag…
High
CVE-2006-6748
PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of…
2006-12-26
Medium
CVE-2006-6732
PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter.
Medium
CVE-2006-6738
PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
High
CVE-2006-6739
PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CV…
High
CVE-2006-6740
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php o…
High
CVE-2006-6726
PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter.
High
CVE-2006-6727
PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
2006-12-23
High
CVE-2006-6720
PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter.
High
CVE-2006-6710
Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2)…
High
CVE-2006-6711
PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
Medium
CVE-2006-6715
PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sett…
2006-12-21
Medium
CVE-2006-6686
PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
High
CVE-2006-6689
Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scrip…
High
CVE-2006-6691
Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1)…
2006-12-20
High
CVE-2006-6666
PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter.
Medium
CVE-2006-6644
PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in…
High
CVE-2006-6645
PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via…
High
CVE-2006-6648
PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter.
Medium
CVE-2006-6650
PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the modu…
2006-12-18
High
CVE-2006-6630
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter.
Medium
CVE-2006-6631
PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter.
Medium
CVE-2006-6632
PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter.
High
CVE-2006-6633
PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] paramet…
High
CVE-2006-6634
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the…
High
CVE-2006-6635
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.
High
CVE-2006-6611
PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
High
CVE-2006-6612
PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter.
High
CVE-2006-6615
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module…
2006-12-15
High
CVE-2006-6575
PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the L…
High
CVE-2006-6581
PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter.
High
CVE-2006-6586
Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secur…
High
CVE-2006-6590
PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter.
High
CVE-2006-6591
PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter.
High
CVE-2006-6592
Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.ph…
High
CVE-2006-6593
PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
High
CVE-2006-6566
PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL…
Critical
CVE-2006-6567
PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_…
2006-12-14
High
CVE-2006-6549
PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerabi…
High
CVE-2006-6550
PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this v…
High
CVE-2006-6551
PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to exec…
High
CVE-2006-6552
PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter.
High
CVE-2006-6553
PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path p…
High
CVE-2006-6560
PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the mod…
High
CVE-2006-6541
PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter…
High
CVE-2006-6545
PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the…
High
CVE-2006-6546
PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork (CN:AJ) 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter.
High
CVE-2006-6516
Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3, or the (2) li…
High
CVE-2006-6526
PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
High
CVE-2006-6527
PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of…
2006-12-11
High
CVE-2006-6462
PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter.
2006-12-10
Medium
CVE-2006-6453
PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.
High
CVE-2006-6415
PHP remote file inclusion vulnerability in admin/lib-maintenance.inc.php in phpAdsNew 2.0.4-pr2 allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter, a differe…