Search Results (6958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5492 1 Sitebar 1 Sitebar 2026-04-23 N/A
Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.
CVE-2007-5565 1 Phpscms 1 Phpscms 2026-04-23 9.8 Critical
PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct request
CVE-2007-5566 1 Phpblog 1 Phpblog 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the blog_localpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in functions that are not accessible via direct request
CVE-2007-5567 1 Galmeta 1 Galmeta Post 2026-04-23 N/A
PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter.
CVE-2007-5573 1 Limesurvey 1 Limesurvey 2026-04-23 N/A
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2007-5574 1 Phpdj 1 Phpdj 2026-04-23 N/A
PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2007-6177 1 Php Con 1 Php Con 2026-04-23 N/A
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
CVE-2007-6191 1 Pmapper 1 P.mapper 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.
CVE-2007-6229 1 Rayzz 1 Rayzz Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.
CVE-2007-6231 1 Tellmatic 1 Tellmatic 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
CVE-2007-6289 1 Iptel 1 Serweb 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.
CVE-2007-6296 1 Phpmychat 1 Phpmychat 2026-04-23 N/A
PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.
CVE-2007-6324 1 City Writer 1 Citywriter 2026-04-23 N/A
PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-6325 1 Fastpublish 1 Fastpublish Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
CVE-2007-6339 1 Akamai Technologies 1 Download Manager 2026-04-23 N/A
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."
CVE-2007-6347 1 Viart 4 Cms, Helpdesk, Shop Evaluation and 1 more 2026-04-23 N/A
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6348 1 Squirrelmail 1 Squirrelmail 2026-04-23 N/A
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
CVE-2007-6396 1 Myupb 1 Flat Php Board 2026-04-23 N/A
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.
CVE-2007-6412 1 Bitweaver 1 Bitweaver 2026-04-23 N/A
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.
CVE-2007-6415 1 Debian 1 Debian Linux 2026-04-23 N/A
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.