Security Vulnerabilities, CVEs, Published In 2006 (File inclusion) CVSS score >= 7
PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used
Max CVSS
7.5
EPSS Score
0.78%
Published
2006-12-31
Updated
2024-04-11
Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809.
Max CVSS
7.5
EPSS Score
15.33%
Published
2006-12-31
Updated
2017-10-19
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
Max CVSS
10.0
EPSS Score
10.03%
Published
2006-12-31
Updated
2018-10-17
PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value
Max CVSS
10.0
EPSS Score
15.33%
Published
2006-12-31
Updated
2024-04-11
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
Max CVSS
7.5
EPSS Score
6.57%
Published
2006-12-31
Updated
2017-10-19
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.31%
Published
2006-12-31
Updated
2008-09-05
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
Max CVSS
7.5
EPSS Score
4.76%
Published
2006-12-31
Updated
2017-10-19
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
Max CVSS
7.5
EPSS Score
5.29%
Published
2006-12-29
Updated
2017-10-19
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php.
Max CVSS
7.5
EPSS Score
2.58%
Published
2006-12-29
Updated
2017-10-19
Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter.
Max CVSS
7.5
EPSS Score
5.29%
Published
2006-12-29
Updated
2017-10-19
PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
Max CVSS
7.5
EPSS Score
5.29%
Published
2006-12-28
Updated
2017-10-19
PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Max CVSS
7.5
EPSS Score
5.29%
Published
2006-12-28
Updated
2018-10-17
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Max CVSS
7.5
EPSS Score
15.33%
Published
2006-12-28
Updated
2018-10-17
Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php.
Max CVSS
7.5
EPSS Score
5.29%
Published
2006-12-28
Updated
2018-10-17
Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.
Max CVSS
7.5
EPSS Score
0.51%
Published
2006-12-27
Updated
2018-10-17
Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter.
Max CVSS
7.5
EPSS Score
0.89%
Published
2006-12-27
Updated
2017-10-19
PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.51%
Published
2006-12-27
Updated
2011-03-08
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
28.39%
Published
2006-12-26
Updated
2017-10-19
PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689.
Max CVSS
7.5
EPSS Score
2.60%
Published
2006-12-26
Updated
2017-10-19
PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
Max CVSS
7.5
EPSS Score
0.51%
Published
2006-12-26
Updated
2011-03-08
PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter.
Max CVSS
7.5
EPSS Score
2.15%
Published
2006-12-26
Updated
2017-10-19
PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter.
Max CVSS
7.5
EPSS Score
4.47%
Published
2006-12-23
Updated
2017-10-19
PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
Max CVSS
7.5
EPSS Score
5.29%
Published
2006-12-23
Updated
2017-10-19
Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.
Max CVSS
7.5
EPSS Score
1.94%
Published
2006-12-23
Updated
2017-10-19
Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php.
Max CVSS
7.5
EPSS Score
6.57%
Published
2006-12-21
Updated
2017-10-19