PHP: Security Vulnerabilities, CVEs (File inclusion)
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Max CVSS: 5.0 | EPSS Score: 5.39% | Published: 2009-11-24 | Updated: 2024-02-15
Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php.
Max CVSS: 7.5 | EPSS Score: 5.90% | Published: 2006-12-15 | Updated: 2018-10-17
PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter.
Max CVSS: 7.5 | EPSS Score: 4.38% | Published: 2006-12-15 | Updated: 2017-10-19
PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter.
Max CVSS: 7.5 | EPSS Score: 15.90% | Published: 2006-12-14 | Updated: 2017-10-19
PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
Max CVSS: 7.5 | EPSS Score: 5.90% | Published: 2006-12-14 | Updated: 2017-10-19
** DISPUTED ** PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit."
Max CVSS: 7.5 | EPSS Score: 4.64% | Published: 2006-12-14 | Updated: 2018-10-17
6 vulnerabilities found