Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-5494

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Oct, 2006 | 10:00
Updated At-07 Aug, 2024 | 19:55
Rejected At-
Credits

Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap CVE-2006-6795.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Oct, 2006 | 10:00
Updated At:07 Aug, 2024 | 19:55
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap CVE-2006-6795.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/20633
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/29694
vdb-entry
x_refsource_XF
http://www.osvdb.org/29892
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/22505
third-party-advisory
x_refsource_SECUNIA
https://www.exploit-db.com/exploits/2599
exploit
x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2006/4121
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/20633
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29694
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.osvdb.org/29892
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/22505
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.exploit-db.com/exploits/2599
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.vupen.com/english/advisories/2006/4121
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/20633
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/29694
vdb-entry
x_refsource_XF
x_transferred
http://www.osvdb.org/29892
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/22505
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.exploit-db.com/exploits/2599
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.vupen.com/english/advisories/2006/4121
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/20633
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29694
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.osvdb.org/29892
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/22505
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/2599
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/4121
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Oct, 2006 | 10:07
Updated At:19 Oct, 2017 | 01:29

Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap CVE-2006-6795.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
phpnuke
phpnuke
>>php-nuke>>8.0
cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/22505cve@mitre.org
Vendor Advisory
http://www.osvdb.org/29892cve@mitre.org
N/A
http://www.securityfocus.com/bid/20633cve@mitre.org
Exploit
http://www.vupen.com/english/advisories/2006/4121cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29694cve@mitre.org
N/A
https://www.exploit-db.com/exploits/2599cve@mitre.org
N/A
Hyperlink: http://secunia.com/advisories/22505
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/29892
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/20633
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.vupen.com/english/advisories/2006/4121
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29694
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/2599
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

905Records found
CVE-2011-1480
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.43%
||
7 Day CHG~0.00%
Published-21 Jun, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.

Action-Not Available
Vendor-phpnuken/a
Product-php-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1842
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.92%
||
7 Day CHG~0.00%
Published-01 Jun, 2009 | 14:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.

Action-Not Available
Vendor-phpnuken/a
Product-php-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6779
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.80%
||
7 Day CHG~0.00%
Published-01 May, 2009 | 17:00
Updated-07 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.

Action-Not Available
Vendor-phpnuken/a
Product-php-nukesarkilar_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-7226
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.94%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 14:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.

Action-Not Available
Vendor-php-nukephpnuken/a
Product-recipe_modulephp-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-7038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.17% / 77.83%
||
7 Day CHG~0.00%
Published-24 Aug, 2009 | 10:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.

Action-Not Available
Vendor-phpnukemaxdevn/a
Product-php-nukemy_egalleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6865
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.43%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.

Action-Not Available
Vendor-php-nukephpnuken/a
Product-php-nukesections_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6728
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.43%
||
7 Day CHG~0.00%
Published-20 Apr, 2009 | 14:06
Updated-07 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.

Action-Not Available
Vendor-phpnuken/a
Product-php-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4804
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.43%
||
7 Day CHG~0.00%
Published-31 Oct, 2008 | 16:42
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

Action-Not Available
Vendor-nukedgalleryphpnuken/a
Product-galleryphp-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3151
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.03%
||
7 Day CHG~0.00%
Published-11 Jul, 2008 | 22:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.

Action-Not Available
Vendor-warpspeedphpnuken/a
Product-4ndvddbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-3934
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.52%
||
7 Day CHG~0.00%
Published-02 Jun, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.

Action-Not Available
Vendor-phpnuken/a
Product-php-nukesubmit_news_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.94%
||
7 Day CHG~0.00%
Published-12 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.

Action-Not Available
Vendor-johannes_hassphpnuken/a
Product-gaestebuch_modulephp-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.79%
||
7 Day CHG~0.00%
Published-12 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.

Action-Not Available
Vendor-sudirman_angriawanphpnuken/a
Product-nukec30php-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1219
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.52%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.

Action-Not Available
Vendor-phpnuken/a
Product-kutubisitte_componentn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0881
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.28%
||
7 Day CHG~0.00%
Published-21 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.

Action-Not Available
Vendor-phpnuken/a
Product-okul_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.38%
||
7 Day CHG~0.00%
Published-19 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Action-Not Available
Vendor-phpnuken/a
Product-bookn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0880
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.28%
||
7 Day CHG~0.00%
Published-21 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

Action-Not Available
Vendor-phpnuken/a
Product-easycontent_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1220
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.53%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-phpnuken/a
Product-4nchatn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-1450
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.03%
||
7 Day CHG~0.00%
Published-14 Mar, 2007 | 18:00
Updated-07 Aug, 2024 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.

Action-Not Available
Vendor-phpnuken/a
Product-php-nuken/a
CVE-2008-1053
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.38%
||
7 Day CHG~0.00%
Published-27 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.

Action-Not Available
Vendor-phpnuken/a
Product-kose_yazilari_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0879
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.57%
||
7 Day CHG~0.00%
Published-21 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.

Action-Not Available
Vendor-phpnuken/a
Product-web_links_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-30177
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.18% / 77.91%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 10:48
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.

Action-Not Available
Vendor-phpnuken/a
Product-php-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2001-0899
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.40% / 88.56%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.

Action-Not Available
Vendor-rick_fournierphpnuken/a
Product-network_toolsphp-nuken/a
CVE-2010-5083
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.17%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.

Action-Not Available
Vendor-phpnuken/a
Product-php-nukeweb_links_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-3204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 79.61%
||
7 Day CHG~0.00%
Published-03 Sep, 2010 | 17:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/.

Action-Not Available
Vendor-pecio-cmsn/a
Product-pecio_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4342
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.51% / 87.14%
||
7 Day CHG~0.00%
Published-08 Oct, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

Action-Not Available
Vendor-backwpupn/aWordPress.org
Product-wordpressbackwpupn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3307
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.00%
||
7 Day CHG~0.00%
Published-05 Oct, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter.

Action-Not Available
Vendor-dustincowelln/a
Product-free_simple_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3313
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.30% / 84.09%
||
7 Day CHG~0.00%
Published-22 Sep, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.

Action-Not Available
Vendor-egroupwaren/a
Product-egroupwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4189
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-44.34% / 97.47%
||
7 Day CHG~0.00%
Published-02 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.

Action-Not Available
Vendor-n/aNovell
Product-groupwisen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-9521
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.62% / 81.05%
||
7 Day CHG~0.00%
Published-05 Jan, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.

Action-Not Available
Vendor-infinitewpn/a
Product-infinitewpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-5734
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-72.92% / 98.73%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-3379
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.35% / 79.33%
||
7 Day CHG~0.00%
Published-03 Nov, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2628
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.73% / 90.09%
||
7 Day CHG~0.00%
Published-20 Aug, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2681
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.92%
||
7 Day CHG~0.00%
Published-09 Jul, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!com_sefn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3206
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-03 Sep, 2010 | 17:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php.

Action-Not Available
Vendor-diy-cmsn/a
Product-diy-cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3205
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-03 Sep, 2010 | 17:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.

Action-Not Available
Vendor-textpatternn/a
Product-textpatternn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-03 Sep, 2010 | 17:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/.

Action-Not Available
Vendor-martin_leen/a
Product-multi-lingual_e-commerce_systemn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3419
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-16 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.

Action-Not Available
Vendor-haudenschiltn/a
Product-family_connections_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2626
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.08% / 94.53%
||
7 Day CHG~0.00%
Published-02 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-miyabi-seon/a
Product-cgi_tools_seo_linksn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 79.04%
||
7 Day CHG~0.00%
Published-20 May, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.

Action-Not Available
Vendor-datalifecmsn/a
Product-datalife_enginen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.10% / 83.36%
||
7 Day CHG~0.00%
Published-02 Jun, 2010 | 18:14
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Action-Not Available
Vendor-giaardn/a
Product-promann/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.57%
||
7 Day CHG~0.00%
Published-12 May, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/.

Action-Not Available
Vendor-29o3_cmsn/a
Product-29o3_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 79.04%
||
7 Day CHG~0.00%
Published-03 Jun, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter.

Action-Not Available
Vendor-graviton-mediatechn/a
Product-visitor_loggern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.18%
||
7 Day CHG~0.00%
Published-03 Jun, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error.

Action-Not Available
Vendor-richrumblen/a
Product-clearsiten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2132
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.43%
||
7 Day CHG~0.00%
Published-02 Jun, 2010 | 18:14
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446.

Action-Not Available
Vendor-danny_hon/a
Product-oesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2003-1240
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.79% / 81.99%
||
7 Day CHG~0.00%
Published-16 Nov, 2005 | 07:37
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.

Action-Not Available
Vendor-cutephpn/a
Product-cutenewsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2341
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.57%
||
7 Day CHG~0.00%
Published-18 Jun, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.

Action-Not Available
Vendor-ezpxn/a
Product-ezpx_photoblogn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.24% / 78.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in openUrgence Vaccin 1.03 allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) collectivite.class.php, (2) injection.class.php, (3) utilisateur.class.php, (4) droit.class.php, (5) laboratoire.class.php, (6) vaccin.class.php, (7) effetsecondaire.class.php, (8) medecin.class.php, (9) individu.class.php, and (10) profil.class.php in gen/obj/.

Action-Not Available
Vendor-francois_raynaudn/a
Product-openurgence_vaccinn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2315
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.71%
||
7 Day CHG~0.00%
Published-17 Jun, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.

Action-Not Available
Vendor-smartisoftn/a
Product-phpbazarn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 79.61%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.

Action-Not Available
Vendor-boesch-itn/a
Product-faqenginen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.51% / 87.15%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php.

Action-Not Available
Vendor-kjetiltroann/a
Product-webmaid_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found