Security Vulnerabilities, CVEs, Published In 2009 (File inclusion) CVSS score >= 7
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php.
Max CVSS
7.5
EPSS Score
1.12%
Published
2009-12-30
Updated
2017-09-19
Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, or (18) sog_save.php in biblioteca/; (19) cal_insert.php, (20) cal_save.php, or (21) cal_saveactivity.php in calendario/; (22) circolari/cir_save.php; or (23) modulistica/mdl_save.php.
Max CVSS
7.5
EPSS Score
1.19%
Published
2009-12-30
Updated
2017-09-19
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.52%
Published
2009-12-28
Updated
2010-06-29
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
Max CVSS
7.5
EPSS Score
0.61%
Published
2009-12-07
Updated
2017-08-17
PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter.
Max CVSS
7.5
EPSS Score
0.72%
Published
2009-12-07
Updated
2017-08-17
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
Max CVSS
7.5
EPSS Score
0.53%
Published
2009-12-02
Updated
2009-12-03
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.36%
Published
2009-11-29
Updated
2017-08-17
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
2.51%
Published
2009-11-29
Updated
2017-08-17
PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter.
Max CVSS
7.5
EPSS Score
14.31%
Published
2009-11-29
Updated
2017-08-17
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
Max CVSS
7.5
EPSS Score
12.82%
Published
2009-10-28
Updated
2009-10-28
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
2.19%
Published
2009-10-28
Updated
2009-10-28
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
Max CVSS
7.5
EPSS Score
1.44%
Published
2009-10-16
Updated
2021-04-07
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Max CVSS
7.5
EPSS Score
0.66%
Published
2009-12-22
Updated
2018-10-10
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Max CVSS
7.5
EPSS Score
1.33%
Published
2009-10-02
Updated
2017-08-17
PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.
Max CVSS
7.5
EPSS Score
0.83%
Published
2009-10-02
Updated
2017-09-19
Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php.
Max CVSS
7.5
EPSS Score
0.64%
Published
2009-10-01
Updated
2017-09-19
Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5) modules/downloads/lib/LM_Downloads.php.
Max CVSS
7.5
EPSS Score
0.83%
Published
2009-09-30
Updated
2017-09-19
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
Max CVSS
7.5
EPSS Score
0.64%
Published
2009-09-24
Updated
2017-09-19
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
Max CVSS
7.5
EPSS Score
2.42%
Published
2009-09-24
Updated
2009-09-25
PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
0.69%
Published
2009-09-23
Updated
2017-09-19
Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to (1) header.php, (2) submit.php, (3) submitted.php, and (4) autosubmitter/index.php.
Max CVSS
7.5
EPSS Score
0.83%
Published
2009-09-23
Updated
2017-09-19
PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter.
Max CVSS
7.5
EPSS Score
0.64%
Published
2009-09-23
Updated
2017-09-19
Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/.
Max CVSS
7.5
EPSS Score
0.83%
Published
2009-09-23
Updated
2017-09-19
PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.
Max CVSS
7.5
EPSS Score
1.51%
Published
2009-09-23
Updated
2017-09-19
Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/.
Max CVSS
7.5
EPSS Score
0.71%
Published
2009-09-23
Updated
2017-09-19