CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2009(File Inclusion)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-1960 94 File Inclusion 2009-06-08 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
2 CVE-2009-2223 22 1 Dir. Trav. File Inclusion 2009-06-26 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
3 CVE-2009-2396 94 1 Exec Code File Inclusion 2009-07-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
4 CVE-2009-2784 22 1 Dir. Trav. File Inclusion 2009-08-17 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors.
5 CVE-2006-7237 94 Exec Code File Inclusion 2009-03-31 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
6 CVE-2008-5922 94 Exec Code File Inclusion 2009-01-21 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
7 CVE-2008-5949 94 Exec Code File Inclusion 2009-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
8 CVE-2008-6006 94 Exec Code File Inclusion 2009-01-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.
9 CVE-2008-6022 94 Exec Code File Inclusion 2009-02-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter.
10 CVE-2008-6023 94 Exec Code File Inclusion 2009-02-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.
11 CVE-2008-6036 94 Exec Code File Inclusion 2009-02-03 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.
12 CVE-2008-6066 94 Exec Code File Inclusion 2009-02-05 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13 CVE-2008-6099 94 Exec Code File Inclusion 2009-02-10 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter.
14 CVE-2008-6138 94 Exec Code File Inclusion 2009-02-14 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
15 CVE-2008-6196 94 Exec Code File Inclusion 2009-02-20 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
16 CVE-2008-6206 94 Exec Code File Inclusion 2009-02-20 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
17 CVE-2008-6221 94 Exec Code File Inclusion 2009-02-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
18 CVE-2008-6223 94 Exec Code File Inclusion 2009-02-20 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
19 CVE-2008-6287 94 Exec Code File Inclusion 2009-02-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/.
20 CVE-2008-6315 94 Exec Code File Inclusion 2009-02-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316.
21 CVE-2008-6318 94 Exec Code File Inclusion 2009-02-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317.
22 CVE-2008-6347 94 Exec Code File Inclusion 2009-03-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
23 CVE-2008-6377 94 Exec Code File Inclusion 2009-03-02 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
24 CVE-2008-6402 94 Exec Code File Inclusion 2009-03-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter.
25 CVE-2008-6403 94 Exec Code File Inclusion 2009-03-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter.
26 CVE-2008-6408 94 Exec Code File Inclusion 2009-03-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter.
27 CVE-2008-6421 94 Exec Code File Inclusion 2009-03-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
28 CVE-2008-6483 94 Exec Code File Inclusion 2009-03-18 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
29 CVE-2008-6491 94 Exec Code File Inclusion 2009-03-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
30 CVE-2008-6543 94 File Inclusion 2009-03-30 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc.
31 CVE-2008-6544 94 Exec Code File Inclusion 2009-03-30 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request.
32 CVE-2008-6545 94 Exec Code File Inclusion 2009-03-30 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
33 CVE-2008-6807 94 Exec Code File Inclusion 2009-05-12 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir vector is already covered by CVE-2006-6630.
34 CVE-2008-6841 94 Exec Code File Inclusion 2009-07-01 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php.
35 CVE-2008-7000 94 Exec Code File Inclusion 2009-08-19 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
36 CVE-2008-7034 94 Exec Code File Inclusion 2009-08-24 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path variable in the fetch function.
37 CVE-2008-7042 94 Exec Code File Inclusion 2009-08-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.
38 CVE-2008-7067 94 Exec Code File Inclusion 2009-08-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
39 CVE-2008-7087 94 Exec Code File Inclusion 2009-08-26 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.
40 CVE-2009-0103 94 Exec Code File Inclusion 2009-01-09 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.
41 CVE-2009-0444 94 Exec Code File Inclusion 2009-02-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php.
42 CVE-2009-0456 94 Exec Code File Inclusion 2009-02-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter.
43 CVE-2009-0495 94 Exec Code File Inclusion 2009-02-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter.
44 CVE-2009-0513 94 Exec Code File Inclusion 2009-02-11 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/.
45 CVE-2009-0639 94 Exec Code File Inclusion 2009-02-18 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.
46 CVE-2009-0966 94 Exec Code File Inclusion 2009-03-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
47 CVE-2009-1025 94 Exec Code File Inclusion 2009-03-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
48 CVE-2009-1248 94 Exec Code File Inclusion 2009-04-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.
49 CVE-2009-1444 94 Exec Code File Inclusion 2009-04-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.
50 CVE-2009-1450 94 Exec Code File Inclusion 2009-04-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter.
Total number of vulnerabilities : 138   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.