Medium
CVE-2006-4637
Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE…
Tag: Remote File Inclusion (RFI)
All CVEs associated with "Remote File Inclusion (RFI)". Page 22/26 • 3072 CVEs.
Subscribe CVEs: RSS for “Remote File Inclusion (RFI)” · RSS (High+Critical only)
About “Remote File Inclusion (RFI)”
A curated feed of “Remote File Inclusion (RFI)”-related CVEs appears below. We currently track 3072 CVEs for this tag (all time). In the last 365 days, 757 were published. Average CVSS is 7.5 (all time; 8.0 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), CWE-829 - Inclusion of Functionality from Untrusted Control Sphere.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2006-09-08
Medium
CVE-2006-4638
PHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter.
Medium
CVE-2006-4639
Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path…
2006-09-07
Medium
CVE-2006-4596
PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_chec…
High
CVE-2006-4604
PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _i…
High
CVE-2006-4605
PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.
Medium
CVE-2006-4609
Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitr…
Medium
CVE-2006-4610
PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter.
Medium
CVE-2006-4618
PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP c…
High
CVE-2006-4621
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenan…
High
CVE-2006-4622
PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
2006-09-06
High
CVE-2006-4583
Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php,…
High
CVE-2006-4589
PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir par…
High
CVE-2006-4591
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in th…
High
CVE-2006-4594
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location pa…
High
CVE-2006-4544
Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in…
High
CVE-2006-4545
PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.ph…
Medium
CVE-2006-4553
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosC…
High
CVE-2006-4556
PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path paramete…
High
CVE-2006-4557
PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another rese…
High
CVE-2006-4559
Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] paramet…
2006-09-01
Low
CVE-2006-4527
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allo…
High
CVE-2006-4531
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
High
CVE-2006-4532
PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the con…
High
CVE-2006-4533
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php,…
2006-08-31
Medium
CVE-2006-4488
PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a…
High
CVE-2006-4489
Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ip…
High
CVE-2006-4498
PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a…
High
CVE-2006-4477
Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in th…
High
CVE-2006-4470
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.
High
CVE-2006-4456
PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
High
CVE-2006-4457
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance…
2006-08-30
High
CVE-2006-4452
PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code v…
Medium
CVE-2006-4448
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] param…
2006-08-29
High
CVE-2006-4440
PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter.
High
CVE-2006-4441
Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter t…
High
CVE-2006-4443
PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.
High
CVE-2006-4445
Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php.…
High
CVE-2006-4422
PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path param…
High
CVE-2006-4423
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/comma…
Medium
CVE-2006-4424
PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.
Medium
CVE-2006-4425
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1)…
Medium
CVE-2006-4426
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a…
Critical
CVE-2006-4428
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, si…
High
CVE-2006-4429
PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_…
2006-08-27
High
CVE-2006-4354
PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter.
High
CVE-2006-4357
PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.
High
CVE-2006-4363
PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropima…
2006-08-26
High
CVE-2006-4365
Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functi…
High
CVE-2006-4366
PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this informati…
High
CVE-2006-4368
PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path pa…
High
CVE-2006-4372
PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary…
High
CVE-2006-4373
PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
High
CVE-2006-4375
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mos…
High
CVE-2006-4378
Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a U…
2006-08-24
High
CVE-2006-4348
PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL…
High
CVE-2006-4349
PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script,…
High
CVE-2006-4320
PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
High
CVE-2006-4321
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the…
High
CVE-2006-4322
PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP…
High
CVE-2006-4329
Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] paramete…
2006-08-23
High
CVE-2006-4311
PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory,…
High
CVE-2006-4296
PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path p…
2006-08-22
High
CVE-2006-4282
PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via…
High
CVE-2006-4283
Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts…
High
CVE-2006-4285
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it…
High
CVE-2006-4286
PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in t…
High
CVE-2006-4287
Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a)…
Medium
CVE-2006-4288
PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP c…
Medium
CVE-2006-4291
PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _P…
2006-08-21
High
CVE-2006-4275
PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_ab…
High
CVE-2006-4276
PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.
High
CVE-2006-4277
Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class…
High
CVE-2006-4278
PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter.
High
CVE-2006-4280
PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_a…
High
CVE-2006-4281
PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_abs…
High
CVE-2006-4263
Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PH…
Critical
CVE-2006-4264
Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_abs…
High
CVE-2006-4269
PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL…
Medium
CVE-2006-4270
PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL…
High
CVE-2006-4271
PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor…
High
CVE-2006-4236
Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and…
High
CVE-2006-4237
PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the…
High
CVE-2006-4239
PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc para…
High
CVE-2006-4240
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
High
CVE-2006-4241
PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_a…
Medium
CVE-2006-4242
PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_pat…
2006-08-18
High
CVE-2006-4229
PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL…
High
CVE-2006-4230
Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
High
CVE-2006-4234
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
2006-08-17
High
CVE-2006-4217
PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different…
Medium
CVE-2006-4195
PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen a…
High
CVE-2006-4196
PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter.
Medium
CVE-2006-4198
PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in…
High
CVE-2006-4203
PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absol…
High
CVE-2006-4204
Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialday…
High
CVE-2006-4205
Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts incl…
High
CVE-2006-4207
Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/con…
High
CVE-2006-4209
PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter.
High
CVE-2006-4213
PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path paramet…
Medium
CVE-2006-4215
PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoad…
Medium
CVE-2006-4189
Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) brow…
2006-08-16
High
CVE-2006-4156
PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE: a thi…
Medium
CVE-2006-4158
PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
High
CVE-2006-4159
Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ includ…
High
CVE-2006-4160
Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to…
High
CVE-2006-4163
PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE…
High
CVE-2006-4164
PHP remote file inclusion vulnerability in inc/header.inc.php in phpPrintAnalyzer 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ficStyle parameter.
High
CVE-2006-4166
PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
2006-08-14
Medium
CVE-2006-4121
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
High
CVE-2006-4123
PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter.
High
CVE-2006-4129
PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in…
Medium
CVE-2006-4130
PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote at…
High
CVE-2006-4135
PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: t…
Medium
CVE-2006-4113
PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter.
Medium
CVE-2006-4115
PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter.
High
CVE-2006-4102
PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpa…
High
CVE-2006-4103
PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
2006-08-11
High
CVE-2006-4083
PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector tha…
High
CVE-2006-4085
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath]…