Avatic : Security Vulnerabilities, CVEs, CVSS score >= 6
Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php.
Max CVSS
7.5
EPSS Score
2.37%
Published
2007-04-03
Updated
2018-10-16
PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149.
Max CVSS
6.8
EPSS Score
2.82%
Published
2007-02-23
Updated
2017-10-11
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
Max CVSS
6.4
EPSS Score
3.84%
Published
2006-05-03
Updated
2017-10-19
3 vulnerabilities found