PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
2.25%
Published
2010-12-02
Updated
2018-10-10
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307.
Source: MITRE
Max CVSS
7.5
EPSS Score
1.73%
Published
2010-10-05
Updated
2010-10-06
Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.72%
Published
2010-09-16
Updated
2017-08-17
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter.
Source: Red Hat, Inc.
Max CVSS
7.5
EPSS Score
1.52%
Published
2010-10-05
Updated
2010-10-05
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.72%
Published
2010-09-03
Updated
2017-08-17
Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.72%
Published
2010-09-03
Updated
2017-08-17
Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.72%
Published
2010-09-03
Updated
2017-08-17
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.72%
Published
2010-09-03
Updated
2017-08-17
Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.81%
Published
2010-09-03
Updated
2017-08-17
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."
Source: MITRE
Max CVSS
9.3
EPSS Score
0.67%
Published
2010-08-31
Updated
2020-11-16
Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
Source: JPCERT/CC
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-10-25
Updated
2020-08-12
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
2.85%
Published
2010-07-30
Updated
2017-08-17
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
3.46%
Published
2010-07-12
Updated
2010-07-12
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
5.1
EPSS Score
2.80%
Published
2010-07-08
Updated
2017-08-17
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
Source: MITRE
Max CVSS
6.8
EPSS Score
1.69%
Published
2010-07-02
Updated
2017-08-17
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate.
Source: MITRE
Max CVSS
6.8
EPSS Score
2.85%
Published
2010-06-25
Updated
2017-08-17
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
5.1
EPSS Score
10.61%
Published
2010-06-21
Updated
2017-08-17
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
2.39%
Published
2010-06-18
Updated
2017-08-17
PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.72%
Published
2010-06-17
Updated
2017-08-17
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
6.8
EPSS Score
14.08%
Published
2010-06-17
Updated
2010-06-18
PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
1.19%
Published
2010-06-03
Updated
2010-06-04
Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.54%
Published
2010-06-03
Updated
2018-10-10
PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.57%
Published
2010-06-02
Updated
2017-08-17
Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.57%
Published
2010-06-02
Updated
2017-08-17
PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.81%
Published
2010-06-01
Updated
2017-08-17
76 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!