CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2007(File Inclusion)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2006-7168 Exec Code File Inclusion 2007-03-20 2021-03-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
652 CVE-2006-7156 Exec Code File Inclusion 2007-03-07 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
653 CVE-2006-7153 Exec Code File Inclusion 2007-03-07 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.
654 CVE-2006-7148 Exec Code File Inclusion 2007-03-07 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
655 CVE-2006-7147 94 Exec Code File Inclusion 2007-03-07 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
656 CVE-2006-7146 94 Exec Code File Inclusion 2007-03-07 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions.
657 CVE-2006-7136 Exec Code File Inclusion 2007-03-07 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755.
658 CVE-2006-7135 Exec Code File Inclusion 2007-03-07 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
659 CVE-2006-7131 Exec Code File Inclusion 2007-03-06 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
660 CVE-2006-7130 94 Exec Code File Inclusion 2007-03-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
661 CVE-2006-7128 Exec Code File Inclusion 2007-03-06 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
662 CVE-2006-7127 94 Exec Code File Inclusion 2007-03-06 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.
663 CVE-2006-7124 Exec Code File Inclusion 2007-03-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
664 CVE-2006-7120 Exec Code File Inclusion 2007-03-06 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php.
665 CVE-2006-7119 Exec Code File Inclusion 2007-03-06 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter.
666 CVE-2006-7107 Exec Code File Inclusion 2007-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
667 CVE-2006-7106 94 Exec Code File Inclusion 2007-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.inc.php3 in Power Phlogger 2.0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.
668 CVE-2006-7105 94 Exec Code File Inclusion 2007-03-03 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect.
669 CVE-2006-7104 94 Exec Code File Inclusion 2007-03-03 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
670 CVE-2006-7102 94 Exec Code File Inclusion 2007-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php.
671 CVE-2006-7100 94 Exec Code File Inclusion 2007-03-03 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
672 CVE-2006-7091 Exec Code File Inclusion 2007-03-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
673 CVE-2006-7090 94 Exec Code File Inclusion 2007-03-02 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter.
674 CVE-2006-7081 Exec Code File Inclusion 2007-03-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3.
675 CVE-2006-7069 Exec Code File Inclusion 2007-03-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter.
676 CVE-2006-7068 Exec Code File Inclusion 2007-03-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.
677 CVE-2006-7056 Exec Code File Inclusion 2007-02-24 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791.
678 CVE-2006-7055 Exec Code File Inclusion 2007-02-24 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
679 CVE-2006-7052 Exec Code File Inclusion 2007-02-24 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
680 CVE-2006-7048 Exec Code File Inclusion 2007-02-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284.
681 CVE-2006-7047 264 Exec Code Bypass File Inclusion 2007-02-24 2018-10-16
5.0
None Remote Low Not required None Partial None
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.
682 CVE-2006-7046 94 Exec Code File Inclusion 2007-02-24 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
683 CVE-2006-7045 Exec Code File Inclusion 2007-02-24 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
684 CVE-2006-7044 Exec Code File Inclusion 2007-02-24 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
685 CVE-2006-7036 Exec Code File Inclusion 2007-02-23 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated.
686 CVE-2006-7032 Exec Code File Inclusion 2007-02-23 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
687 CVE-2006-7026 Exec Code File Inclusion 2007-02-23 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149.
688 CVE-2006-7024 Exec Code File Inclusion 2007-02-15 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.
689 CVE-2006-7021 94 Exec Code File Inclusion 2007-02-15 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.
690 CVE-2006-7017 Exec Code File Inclusion 2007-02-15 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php.
691 CVE-2006-7015 Exec Code File Inclusion 2007-02-15 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests.
692 CVE-2006-7011 Exec Code File Inclusion 2007-02-15 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value.
693 CVE-2006-7006 Exec Code File Inclusion 2007-02-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals.
694 CVE-2006-7003 Exec Code File Inclusion 2007-02-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
695 CVE-2006-6976 94 Exec Code File Inclusion 2007-02-08 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.
696 CVE-2006-6975 94 Exec Code File Inclusion 2007-02-08 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement.
697 CVE-2006-6963 Exec Code File Inclusion 2007-01-29 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577.
698 CVE-2006-6962 94 Exec Code File Inclusion 2007-01-29 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047.
699 CVE-2006-6958 94 1 Exec Code File Inclusion 2007-01-29 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.
700 CVE-2006-6957 94 Exec Code File Inclusion 2007-01-29 2013-08-31
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different.
Total number of vulnerabilities : 700   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.