High
CVE-2006-5100
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter.
Tag: Remote File Inclusion (RFI)
All CVEs associated with "Remote File Inclusion (RFI)". Page 21/26 • 3072 CVEs.
Subscribe CVEs: RSS for “Remote File Inclusion (RFI)” · RSS (High+Critical only)
About “Remote File Inclusion (RFI)”
A curated feed of “Remote File Inclusion (RFI)”-related CVEs appears below. We currently track 3072 CVEs for this tag (all time). In the last 365 days, 757 were published. Average CVSS is 7.5 (all time; 8.0 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), CWE-829 - Inclusion of Functionality from Untrusted Control Sphere.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2006-10-03
High
CVE-2006-5101
PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calenda…
High
CVE-2006-5102
PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a…
High
CVE-2006-5103
PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter.
High
CVE-2006-5105
Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/…
High
CVE-2006-5118
PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root…
High
CVE-2006-5123
Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_pat…
High
CVE-2006-5124
Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) target and (2) action parameters in windo…
High
CVE-2006-5126
PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.
High
CVE-2006-5132
Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.p…
High
CVE-2006-5135
Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a)…
High
CVE-2006-5136
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GL…
High
CVE-2006-5141
PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter.…
2006-09-29
High
CVE-2006-5093
PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Medium
CVE-2006-5094
PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter…
High
CVE-2006-5095
PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE…
High
CVE-2006-5097
PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE:…
High
CVE-2006-5087
Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php.
High
CVE-2006-5088
PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter.
High
CVE-2006-5089
PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of t…
High
CVE-2006-5092
PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter.
High
CVE-2006-5076
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php,…
Medium
CVE-2006-5077
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php…
High
CVE-2006-5078
PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] pa…
High
CVE-2006-5079
PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir paramet…
High
CVE-2006-5081
PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
High
CVE-2006-5083
PHP remote file inclusion vulnerability in includes/functions_portal.php in Integrated MODs (IM) Portal 1.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_…
2006-09-28
High
CVE-2006-5053
PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
High
CVE-2006-5055
PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path param…
High
CVE-2006-5061
PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Script (AVCX) 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
High
CVE-2006-5062
PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath paramete…
Medium
CVE-2006-5065
PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in th…
High
CVE-2006-5067
PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter.…
High
CVE-2006-5068
PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL i…
Medium
CVE-2006-5070
PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links.php in faceStones Personal 2.0.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fsin…
2006-09-27
High
CVE-2006-5020
Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts in…
Critical
CVE-2006-5021
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path param…
High
CVE-2006-5022
PHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter.
High
CVE-2006-5032
PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter.
Medium
CVE-2006-5043
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the…
Medium
CVE-2006-5045
Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_ab…
Medium
CVE-2006-5048
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mo…
High
CVE-2006-5015
PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter.
2006-09-26
High
CVE-2006-4995
PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parame…
High
CVE-2006-4984
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/inclu…
High
CVE-2006-4987
Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-vi…
High
CVE-2006-4990
Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-…
High
CVE-2006-4992
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path pa…
High
CVE-2006-4993
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) m…
2006-09-25
High
CVE-2006-4968
PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
High
CVE-2006-4969
Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) o…
High
CVE-2006-4970
PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter.
High
CVE-2006-4966
PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] par…
2006-09-23
Medium
CVE-2006-4945
Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[lib…
Medium
CVE-2006-4946
PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbit…
High
CVE-2006-4944
PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
2006-09-21
High
CVE-2006-4918
Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) a…
High
CVE-2006-4920
Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/module…
High
CVE-2006-4921
PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/incl…
High
CVE-2006-4904
Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonst…
High
CVE-2006-4905
PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile func…
High
CVE-2006-4912
PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
2006-09-19
High
CVE-2006-4890
Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemana…
High
CVE-2006-4893
PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_pa…
High
CVE-2006-4898
PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.
High
CVE-2006-4885
PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php…
Medium
CVE-2006-4889
Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a UR…
High
CVE-2006-4869
PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.
High
CVE-2006-4870
Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/…
Medium
CVE-2006-4858
PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a…
High
CVE-2006-4863
Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2)…
High
CVE-2006-4864
PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.
Medium
CVE-2006-4844
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP…
Medium
CVE-2006-4845
PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] p…
High
CVE-2006-4848
Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php,…
High
CVE-2006-4849
PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
Medium
CVE-2006-4850
PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.
High
CVE-2006-4851
PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath param…
2006-09-15
High
CVE-2006-4823
PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_…
High
CVE-2006-4824
PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] pa…
High
CVE-2006-4826
PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Medium
CVE-2006-4827
Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.ph…
High
CVE-2006-4828
PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.
High
CVE-2006-4834
PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.
High
CVE-2006-4837
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/edi…
2006-09-14
High
CVE-2006-4779
PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_ro…
High
CVE-2006-4780
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Medium
CVE-2006-4788
PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes…
2006-09-13
High
CVE-2006-4764
PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
High
CVE-2006-4769
PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter.
High
CVE-2006-4770
PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter.
High
CVE-2006-4733
PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP cod…
High
CVE-2006-4738
PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path v…
High
CVE-2006-4741
PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.
High
CVE-2006-4746
PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
High
CVE-2006-4749
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activa…
Medium
CVE-2006-4750
PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[open…
2006-09-12
High
CVE-2006-4713
PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
Medium
CVE-2006-4714
PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute…
High
CVE-2006-4716
PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
Medium
CVE-2006-4719
Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1…
High
CVE-2006-4720
PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
High
CVE-2006-4722
PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php a…
Medium
CVE-2006-4723
PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP cod…
2006-09-11
High
CVE-2006-4677
PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was…
High
CVE-2006-4678
PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.
Medium
CVE-2006-4671
PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] para…
High
CVE-2006-4672
PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter…
2006-09-09
High
CVE-2006-4656
PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_roo…
Medium
CVE-2006-4664
PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path para…
High
CVE-2006-4666
Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) art…
Medium
CVE-2006-4669
PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in t…
High
CVE-2006-4670
Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.…
2006-09-08
High
CVE-2006-4644
PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter.
High
CVE-2006-4645
PHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary P…
High
CVE-2006-4647
PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.
High
CVE-2006-4648
PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
High
CVE-2006-4649
PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
High
CVE-2006-4629
PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
High
CVE-2006-4630
PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in…