Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
Max CVSS
6.8
EPSS Score
2.28%
Published
2008-12-31
Updated
2017-09-29
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
Max CVSS
6.8
EPSS Score
2.72%
Published
2008-12-31
Updated
2018-10-11
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
Max CVSS
7.5
EPSS Score
1.04%
Published
2008-12-31
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.
Max CVSS
7.5
EPSS Score
2.51%
Published
2008-12-31
Updated
2017-09-29
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Max CVSS
7.5
EPSS Score
0.48%
Published
2008-12-30
Updated
2017-09-29
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
Max CVSS
9.3
EPSS Score
1.78%
Published
2008-12-30
Updated
2017-09-29
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.
Max CVSS
7.5
EPSS Score
0.79%
Published
2008-12-30
Updated
2017-09-29
PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.
Max CVSS
10.0
EPSS Score
0.76%
Published
2008-12-19
Updated
2018-10-11
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.46%
Published
2008-12-19
Updated
2018-10-11
Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.
Max CVSS
7.5
EPSS Score
12.66%
Published
2008-12-16
Updated
2017-09-29
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.
Max CVSS
7.5
EPSS Score
0.69%
Published
2008-12-15
Updated
2018-10-11
PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter.
Max CVSS
7.5
EPSS Score
0.76%
Published
2008-12-15
Updated
2017-09-29
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Max CVSS
10.0
EPSS Score
0.54%
Published
2008-12-05
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others.
Max CVSS
10.0
EPSS Score
5.70%
Published
2008-12-05
Updated
2017-09-29
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter.
Max CVSS
6.8
EPSS Score
22.74%
Published
2008-12-01
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776.
Max CVSS
9.3
EPSS Score
2.04%
Published
2008-11-24
Updated
2017-09-29
PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.44%
Published
2008-11-21
Updated
2017-08-08
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Max CVSS
7.5
EPSS Score
0.79%
Published
2008-11-21
Updated
2017-09-29
PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.
Max CVSS
7.5
EPSS Score
17.41%
Published
2008-11-21
Updated
2017-08-08
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
Max CVSS
9.3
EPSS Score
20.08%
Published
2008-11-19
Updated
2017-09-29
PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
Max CVSS
10.0
EPSS Score
2.51%
Published
2008-11-13
Updated
2017-09-29
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.
Max CVSS
10.0
EPSS Score
22.26%
Published
2008-11-13
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
Max CVSS
10.0
EPSS Score
0.79%
Published
2008-11-13
Updated
2017-09-29
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
Max CVSS
10.0
EPSS Score
22.26%
Published
2008-11-13
Updated
2017-09-29
PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter.
Max CVSS
7.5
EPSS Score
2.62%
Published
2008-11-04
Updated
2017-08-08
167 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!