CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2009(File Inclusion)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4472 94 1 Exec Code File Inclusion 2009-12-30 2010-06-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php.
2 CVE-2009-4471 94 1 Exec Code File Inclusion 2009-12-30 2010-06-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, or (18) sog_save.php in biblioteca/; (19) cal_insert.php, (20) cal_save.php, or (21) cal_saveactivity.php in calendario/; (22) circolari/cir_save.php; or (23) modulistica/mdl_save.php.
3 CVE-2009-4431 94 1 Exec Code File Inclusion 2009-12-28 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
4 CVE-2009-4319 94 1 Exec Code File Inclusion 2009-12-14 2009-12-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.
5 CVE-2009-4264 94 1 Exec Code File Inclusion 2009-12-10 2009-12-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
6 CVE-2009-4224 20 2 Exec Code File Inclusion 2009-12-07 2009-12-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
7 CVE-2009-4223 94 1 Exec Code File Inclusion 2009-12-07 2009-12-08
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
8 CVE-2009-4220 94 2 Exec Code File Inclusion 2009-12-07 2009-12-08
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter.
9 CVE-2009-4156 94 1 Exec Code File Inclusion 2009-12-02 2009-12-03
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
10 CVE-2009-4094 94 Exec Code File Inclusion 2009-11-29 2009-11-30
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter.
11 CVE-2009-4085 94 Exec Code File Inclusion 2009-11-29 2011-12-12
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12 CVE-2009-4082 94 2 Exec Code File Inclusion 2009-11-29 2009-12-08
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter.
13 CVE-2009-4017 DoS File Inclusion 2009-11-23 2011-07-18
5.0
None Remote Low Not required None None Partial
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
14 CVE-2009-3822 94 Exec Code File Inclusion 2009-10-28 2009-10-28
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
15 CVE-2009-3817 94 Exec Code File Inclusion 2009-10-28 2009-10-28
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
16 CVE-2009-3705 94 1 Exec Code File Inclusion 2009-10-16 2009-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
17 CVE-2009-3702 22 Dir. Trav. File Inclusion 2009-12-22 2009-12-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
18 CVE-2009-3660 94 1 Exec Code File Inclusion 2009-10-11 2009-10-12
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
19 CVE-2009-3542 22 1 Dir. Trav. File Inclusion 2009-10-02 2009-10-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
20 CVE-2009-3541 94 1 Exec Code File Inclusion 2009-10-02 2009-10-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.
21 CVE-2009-3535 22 2 Dir. Trav. File Inclusion 2009-10-02 2009-10-05
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
22 CVE-2009-3511 94 1 Exec Code File Inclusion 2009-10-01 2009-10-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php.
23 CVE-2009-3492 94 1 Exec Code File Inclusion 2009-09-30 2009-10-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5) modules/downloads/lib/LM_Downloads.php.
24 CVE-2009-3426 94 1 Exec Code File Inclusion 2009-09-25 2009-09-28
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter.
25 CVE-2009-3424 94 1 Exec Code File Inclusion 2009-09-25 2009-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) is_projectPath parameter to includes/InstantSite/inc.is_root.php; GLOBALS[thCMS_root] parameter to (2) classes/class.Tree.php, (3) includes/inc.thcms_admin_mediamanager.php, and (4) modul/mod.rssreader.php; is_path parameter to (5) class.tasklist.php, (6) class.thcms.php, (7) class.thcms_content.php, (8) class.thcms_modul_parent.php, (9) class.thcms_page.php, and (10) class.thcsm_user.php in classes/; and (11) includes/InstantSite/class.Tree.php; and thCMS_root parameter to (12) classes/class.thcms_modul.php; (13) inc.page_edit_tasklist.php, (14) inc.thcms_admin_overview_backup.php, and (15) inc.thcms_edit_content.php in includes/; and (16) class.thcms_modul_parent_xml.php, (17) mod.cmstranslator.php, (18) mod.download.php, (19) mod.faq.php, (20) mod.guestbook.php, (21) mod.html.php, (22) mod.menu.php, (23) mod.news.php, (24) mod.newsticker.php, (25) mod.rss.php, (26) mod.search.php, (27) mod.sendtofriend.php, (28) mod.sitemap.php, (29) mod.tagdoc.php, (30) mod.template.php, (31) mod.test.php, (32) mod.text.php, (33) mod.upload.php, and (34) mod.users.php in modul/.
26 CVE-2009-3365 94 1 Exec Code File Inclusion 2009-09-24 2009-09-25
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
27 CVE-2009-3362 94 1 Exec Code File Inclusion 2009-09-24 2009-09-25
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
28 CVE-2009-3333 94 1 Exec Code File Inclusion 2009-09-23 2009-09-23
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
29 CVE-2009-3331 94 1 Exec Code File Inclusion 2009-09-23 2009-09-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to (1) header.php, (2) submit.php, (3) submitted.php, and (4) autosubmitter/index.php.
30 CVE-2009-3324 94 1 Exec Code File Inclusion 2009-09-23 2009-09-23
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter.
31 CVE-2009-3323 94 1 Exec Code File Inclusion 2009-09-23 2009-09-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/.
32 CVE-2009-3317 94 1 Exec Code File Inclusion 2009-09-23 2009-09-23
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.
33 CVE-2009-3312 94 1 Exec Code File Inclusion 2009-09-23 2009-09-23
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter.
34 CVE-2009-3307 94 1 Exec Code File Inclusion 2009-09-23 2009-09-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/.
35 CVE-2009-3306 94 1 Exec Code File Inclusion 2009-09-23 2010-06-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter.
36 CVE-2009-3220 94 Exec Code File Inclusion 2009-09-16 2009-09-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
37 CVE-2009-3188 94 1 Exec Code File Inclusion 2009-09-15 2009-09-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter.
38 CVE-2009-3174 94 1 Exec Code File Inclusion 2009-09-11 2009-09-14
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.
39 CVE-2009-3065 94 1 Exec Code File Inclusion 2009-09-03 2009-09-09
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.
40 CVE-2009-3056 94 1 Exec Code File Inclusion 2009-09-03 2009-09-04
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter.
41 CVE-2009-3055 94 1 Exec Code File Inclusion 2009-09-03 2009-09-04
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter.
42 CVE-2009-2791 94 1 Exec Code File Inclusion 2009-08-17 2009-08-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
43 CVE-2009-2784 22 1 Dir. Trav. File Inclusion 2009-08-17 2009-08-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors.
44 CVE-2009-2773 94 1 Exec Code File Inclusion 2009-08-14 2009-08-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
45 CVE-2009-2769 94 1 Exec Code File Inclusion 2009-08-14 2009-08-14
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter.
46 CVE-2009-2641 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
47 CVE-2009-2637 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
48 CVE-2009-2635 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
49 CVE-2009-2634 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
50 CVE-2009-2633 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Total number of vulnerabilities : 138   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.