| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter. |
| SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors. |
| PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter. |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts. |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts. |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_read_file.php, and (5) lib_form_file.php in sw/lib_up_file; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified vectors. |
| Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/. |
| Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information. |
| Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter. |
| PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864. |
| PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. |
| PHP remote file inclusion vulnerability in strload.php in Dayana Networks phpOnline (aka PHP-Online) 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the LangFile parameter. |
| PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| PHP remote file inclusion vulnerability in addnews.php in Greg Neustaetter gCards 1.13 allows remote attackers to execute arbitrary PHP code via a URL in the languagefile parameter. NOTE: another researcher has observed that languageFile is defined before use. CVE analysis as of 20061012 concurs with the dispute |
| PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. |
| PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter. |
