Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4817 | 1 Detodas | 1 Restaurante Component For Joomla | 2017-09-28 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/. | |||||
| CVE-2007-4834 | 1 Phprealty | 1 Phprealty | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/. | |||||
| CVE-2007-4886 | 1 Auracms | 1 Auracms | 2017-09-28 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs. | |||||
| CVE-2007-4907 | 1 Qualiteam | 1 X-cart | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php. | |||||
| CVE-2007-4921 | 1 Ajax | 1 File Browser | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter. | |||||
| CVE-2007-4923 | 1 Joomla | 1 Joomla Radio | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2007-4933 | 1 Shop-script | 1 Shop-script | 2017-09-28 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters. | |||||
| CVE-2007-4934 | 1 Phpffl | 1 Phpffl | 2017-09-28 | 4.6 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php. | |||||
| CVE-2007-4954 | 1 Joomla | 1 Joom12pic Component | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2007-4955 | 1 Joomla | 1 Flash Fun Component | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2007-4978 | 1 Phpsyncml | 1 Phpsyncml | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/. | |||||
| CVE-2007-5009 | 1 Phpbb2 | 1 Phpbb2 Plus | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in language/lang_german/lang_main_album.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-5015 | 1 Streamline | 1 Streamline | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess Limit support. | |||||
| CVE-2007-5053 | 1 Izicontents | 1 Izicontents | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php; or a URL in the language_home parameter to (3) search/search.php, (4) poll/inlinepoll.php, (5) poll/showpoll.php, (6) links/showlinks.php, or (7) links/submit_links.php in modules/; related to missing checks in (a) modules/moduleSec.php and (b) include/includeSec.php for inclusion of certain URLs, as demonstrated by an ftps:// URL. | |||||
| CVE-2007-5054 | 1 Izicontents | 1 Izicontents | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/. | |||||
| CVE-2007-5056 | 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more | 6 Adodb Lite, Cms Made Simple, Journalness and 3 more | 2017-09-28 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. | |||||
| CVE-2007-5065 | 2 Joomla, Webmaster-tips | 2 Joomla, Flash Slide Show | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2007-5098 | 1 Dragonfrugal | 1 Dfd Cart | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/. | |||||
| CVE-2007-5138 | 1 Lustig | 1 Lustig.cms | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter. | |||||
| CVE-2007-5139 | 1 Chupix | 1 Chupix Cms | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. | |||||