CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2007 (File Inclusion)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2007-2596 Exec Code File Inclusion 2007-05-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
302 CVE-2007-2594 Exec Code File Inclusion 2007-05-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.
303 CVE-2007-2575 94 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
304 CVE-2007-2573 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter.
305 CVE-2007-2572 94 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter.
306 CVE-2007-2570 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter.
307 CVE-2007-2569 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/.
308 CVE-2007-2559 Exec Code File Inclusion 2007-05-09 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php.
309 CVE-2007-2558 Exec Code File Inclusion 2007-05-09 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use.
310 CVE-2007-2545 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.
311 CVE-2007-2544 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter.
312 CVE-2007-2542 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
313 CVE-2007-2541 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.
314 CVE-2007-2540 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.
315 CVE-2007-2531 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.
316 CVE-2007-2530 Exec Code File Inclusion 2007-05-09 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php.
317 CVE-2007-2527 Exec Code File Inclusion 2007-05-08 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php.
318 CVE-2007-2521 94 Exec Code File Inclusion 2007-05-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.
319 CVE-2007-2504 Exec Code File Inclusion 2007-05-04 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion.
320 CVE-2007-2503 Dir. Trav. File Inclusion 2007-05-04 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion.
321 CVE-2007-2493 Exec Code File Inclusion 2007-05-04 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
322 CVE-2007-2485 Exec Code File Inclusion 2007-05-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
323 CVE-2007-2484 Exec Code File Inclusion 2007-05-03 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
324 CVE-2007-2481 Exec Code File Inclusion 2007-05-03 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
325 CVE-2007-2477 Exec Code File Inclusion 2007-05-03 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value.
326 CVE-2007-2474 Exec Code File Inclusion 2007-05-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070.
327 CVE-2007-2460 Exec Code File Inclusion 2007-05-02 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
328 CVE-2007-2458 94 Exec Code File Inclusion 2007-05-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457.
329 CVE-2007-2457 Exec Code File Inclusion 2007-05-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.
330 CVE-2007-2456 Exec Code File Inclusion 2007-05-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.
331 CVE-2007-2428 94 Exec Code File Inclusion 2007-05-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter.
332 CVE-2007-2426 Exec Code File Inclusion 2007-05-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter.
333 CVE-2007-2424 Exec Code File Inclusion 2007-05-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.
334 CVE-2007-2422 Exec Code File Inclusion 2007-05-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string.
335 CVE-2007-2411 Exec Code File Inclusion 2007-05-01 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue."
336 CVE-2007-2364 Exec Code File Inclusion 2007-04-30 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/.
337 CVE-2007-2358 Exec Code File Inclusion 2007-04-30 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used.
338 CVE-2007-2347 Exec Code File Inclusion 2007-04-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
339 CVE-2007-2346 Exec Code File Inclusion 2007-04-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php.
340 CVE-2007-2345 Exec Code File Inclusion 2007-04-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
341 CVE-2007-2341 Exec Code File Inclusion 2007-04-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in suite/index.php in phpBandManager 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.
342 CVE-2007-2340 94 Exec Code File Inclusion 2007-04-27 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.
343 CVE-2007-2331 Exec Code File Inclusion 2007-04-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter.
344 CVE-2007-2330 Exec Code File Inclusion 2007-04-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
345 CVE-2007-2329 Exec Code File Inclusion 2007-04-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
346 CVE-2007-2328 Exec Code File Inclusion 2007-04-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter.
347 CVE-2007-2327 Exec Code File Inclusion 2007-04-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter.
348 CVE-2007-2326 Exec Code File Inclusion 2007-04-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files. NOTE: (1) and (2) might be incorrectly reported vectors in Smarty.
349 CVE-2007-2325 Exec Code File Inclusion 2007-04-27 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
350 CVE-2007-2319 94 Exec Code File Inclusion 2007-04-26 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.
Total number of vulnerabilities: 700 (this is page 7 of 14)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.