Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-1946

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 May, 2010 | 18:00
Updated At-07 Aug, 2024 | 02:17
Rejected At-
Credits

Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 May, 2010 | 18:00
Updated At:07 Aug, 2024 | 02:17
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.osvdb.org/63955
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63954
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63959
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63947
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63949
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63953
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63962
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63951
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63961
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63946
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63945
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/39534
third-party-advisory
x_refsource_SECUNIA
http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txt
x_refsource_MISC
http://www.securityfocus.com/bid/39611
vdb-entry
x_refsource_BID
http://www.osvdb.org/63956
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63950
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63960
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63957
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63952
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63963
vdb-entry
x_refsource_OSVDB
http://www.osvdb.org/63958
vdb-entry
x_refsource_OSVDB
http://www.exploit-db.com/exploits/12313
exploit
x_refsource_EXPLOIT-DB
http://www.osvdb.org/63948
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63955
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63954
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63959
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63947
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63949
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63953
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63962
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63951
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63961
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63946
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63945
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/39534
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/39611
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.osvdb.org/63956
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63950
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63960
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63957
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63952
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63963
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/63958
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.exploit-db.com/exploits/12313
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.osvdb.org/63948
Resource:
vdb-entry
x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.osvdb.org/63955
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63954
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63959
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63947
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63949
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63953
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63962
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63951
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63961
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63946
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63945
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/39534
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txt
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/39611
vdb-entry
x_refsource_BID
x_transferred
http://www.osvdb.org/63956
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63950
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63960
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63957
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63952
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63963
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.osvdb.org/63958
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.exploit-db.com/exploits/12313
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.osvdb.org/63948
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63955
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63954
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63959
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63947
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63949
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63953
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63962
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63951
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63961
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63946
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63945
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/39534
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/39611
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.osvdb.org/63956
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63950
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63960
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63957
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63952
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63963
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.osvdb.org/63958
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/12313
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.osvdb.org/63948
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 May, 2010 | 12:07
Updated At:11 Apr, 2025 | 00:51

Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
openmairie
openmairie
>>openregistrecil>>1.02
cpe:2.3:a:openmairie:openregistrecil:1.02:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txtcve@mitre.org
Exploit
http://secunia.com/advisories/39534cve@mitre.org
Vendor Advisory
http://www.exploit-db.com/exploits/12313cve@mitre.org
Exploit
http://www.osvdb.org/63945cve@mitre.org
N/A
http://www.osvdb.org/63946cve@mitre.org
N/A
http://www.osvdb.org/63947cve@mitre.org
N/A
http://www.osvdb.org/63948cve@mitre.org
N/A
http://www.osvdb.org/63949cve@mitre.org
N/A
http://www.osvdb.org/63950cve@mitre.org
N/A
http://www.osvdb.org/63951cve@mitre.org
N/A
http://www.osvdb.org/63952cve@mitre.org
N/A
http://www.osvdb.org/63953cve@mitre.org
N/A
http://www.osvdb.org/63954cve@mitre.org
N/A
http://www.osvdb.org/63955cve@mitre.org
N/A
http://www.osvdb.org/63956cve@mitre.org
N/A
http://www.osvdb.org/63957cve@mitre.org
N/A
http://www.osvdb.org/63958cve@mitre.org
N/A
http://www.osvdb.org/63959cve@mitre.org
N/A
http://www.osvdb.org/63960cve@mitre.org
N/A
http://www.osvdb.org/63961cve@mitre.org
N/A
http://www.osvdb.org/63962cve@mitre.org
N/A
http://www.osvdb.org/63963cve@mitre.org
N/A
http://www.securityfocus.com/bid/39611cve@mitre.org
Exploit
http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://secunia.com/advisories/39534af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.exploit-db.com/exploits/12313af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.osvdb.org/63945af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63946af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63947af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63948af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63949af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63950af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63951af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63952af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63953af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63954af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63955af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63956af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63957af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63958af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63959af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63960af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63961af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63962af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/63963af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/39611af854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/39534
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.exploit-db.com/exploits/12313
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.osvdb.org/63945
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63946
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63947
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63948
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63949
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63950
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63951
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63952
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63953
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63954
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63955
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63956
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63957
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63958
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63959
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63960
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63961
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63962
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/63963
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/39611
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://packetstormsecurity.org/1004-exploits/openregistrecil-rfilfi.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/39534
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.exploit-db.com/exploits/12313
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.osvdb.org/63945
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63946
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63947
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63948
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63949
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63950
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63951
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63952
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63953
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63954
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63955
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63956
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63957
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63958
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63959
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63960
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63961
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63962
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/63963
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/39611
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

491Records found
CVE-2015-5643
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.60% / 68.55%
||
7 Day CHG~0.00%
Published-03 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.

Action-Not Available
Vendor-iczn/a
Product-matchasnsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0300
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.83% / 85.62%
||
7 Day CHG~0.00%
Published-11 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Action-Not Available
Vendor-mapbendern/a
Product-mapbendern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0060
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.94% / 82.66%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6615
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.08% / 86.23%
||
7 Day CHG~0.00%
Published-03 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter.

Action-Not Available
Vendor-agares_median/a
Product-phpautovideon/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.79% / 89.06%
||
7 Day CHG~0.00%
Published-20 Dec, 2007 | 00:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.

Action-Not Available
Vendor-anon_proxy_servern/a
Product-anon_proxy_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-5644
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.60% / 68.55%
||
7 Day CHG~0.00%
Published-03 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.

Action-Not Available
Vendor-iczn/a
Product-matchasnsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6289
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.70% / 81.54%
||
7 Day CHG~0.00%
Published-10 Dec, 2007 | 18:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.

Action-Not Available
Vendor-ipteln/a
Product-serwebn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-4954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 47.93%
||
7 Day CHG~0.00%
Published-18 Sep, 2007 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Action-Not Available
Vendor-n/aJoomla!
Product-joom12pic_componentn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6348
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.75% / 87.56%
||
7 Day CHG~0.00%
Published-14 Dec, 2007 | 19:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aSquirrelMail
Product-squirrelmailn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6632
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-04 Jan, 2008 | 00:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter.

Action-Not Available
Vendor-xml2owln/a
Product-xml2owln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.79% / 73.01%
||
7 Day CHG~0.00%
Published-27 Dec, 2007 | 23:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.

Action-Not Available
Vendor-idevspotn/a
Product-isupportn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.55% / 84.90%
||
7 Day CHG~0.00%
Published-03 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542.

Action-Not Available
Vendor-agares_median/a
Product-phpautovideon/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.33% / 79.11%
||
7 Day CHG~0.00%
Published-20 Dec, 2007 | 00:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.

Action-Not Available
Vendor-form_toolsn/a
Product-form_toolsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-11.45% / 93.32%
||
7 Day CHG~0.00%
Published-13 Dec, 2007 | 19:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.

Action-Not Available
Vendor-fastpublishn/a
Product-fastpublish_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0287
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.98% / 82.85%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 01:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.

Action-Not Available
Vendor-visionburstn/a
Product-vcartn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-3725
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-1.36% / 79.38%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 09:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in ohmyzsh/ohmyzsh

Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.

Action-Not Available
Vendor-planetargonohmyzsh
Product-oh_my_zshohmyzsh/ohmyzsh
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-43466
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.14% / 89.47%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.

Action-Not Available
Vendor-thymeleafn/a
Product-thymeleafn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-8.08% / 91.78%
||
7 Day CHG~0.00%
Published-23 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.

Action-Not Available
Vendor-laman/a
Product-lama_softwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6339
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.83% / 89.11%
||
7 Day CHG~0.00%
Published-01 May, 2008 | 17:20
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."

Action-Not Available
Vendor-akamai_technologiesn/a
Product-download_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-13.10% / 93.85%
||
7 Day CHG~0.00%
Published-13 Dec, 2007 | 22:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-viartn/a
Product-cmshelpdeskshop_freeshop_evaluationn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6585
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.34% / 88.48%
||
7 Day CHG~0.00%
Published-28 Dec, 2007 | 21:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.

Action-Not Available
Vendor-nmnnewslettern/a
Product-nmnnewslettern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0289
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.08% / 83.29%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 01:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year."

Action-Not Available
Vendor-mansion_productionsn/a
Product-member_area_systemn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.65% / 81.27%
||
7 Day CHG~0.00%
Published-03 Oct, 2007 | 14:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.

Action-Not Available
Vendor-openidphpbbn/a
Product-phpbbopenidn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5800
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.40% / 90.64%
||
7 Day CHG~0.00%
Published-03 Nov, 2007 | 00:00
Updated-07 Aug, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.

Action-Not Available
Vendor-tom_willmotn/aWordPress.org
Product-backupwordpress_pluginwordpressn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.70% / 81.54%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 22:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.

Action-Not Available
Vendor-php-toolsn/a
Product-patbbcoden/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5994
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.52% / 65.72%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 22:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.

Action-Not Available
Vendor-yappa-ngn/a
Product-yappa-ngn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.10% / 89.42%
||
7 Day CHG~0.00%
Published-12 Oct, 2007 | 10:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.

Action-Not Available
Vendor-pindoraman/a
Product-pindoraman/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6057
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.02% / 90.35%
||
7 Day CHG~0.00%
Published-20 Nov, 2007 | 20:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.

Action-Not Available
Vendor-datecommn/a
Product-social_networking_scriptn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.53% / 66.05%
||
7 Day CHG~0.00%
Published-04 Oct, 2007 | 23:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.

Action-Not Available
Vendor-e-arkn/a
Product-e-arkn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-39.15% / 97.17%
||
7 Day CHG~0.00%
Published-06 Nov, 2007 | 21:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php.

Action-Not Available
Vendor-vortex_portaln/a
Product-vortex_portaln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5410
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-12 Oct, 2007 | 18:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Action-Not Available
Vendor-webmaster-tipsn/aJoomla!
Product-joomlaflash_rss_readern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.02% / 89.31%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 21:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Action-Not Available
Vendor-phpdjn/a
Product-phpdjn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6191
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.01% / 82.95%
||
7 Day CHG~0.00%
Published-30 Nov, 2007 | 01:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.

Action-Not Available
Vendor-pmappern/a
Product-p.mappern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6147
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.98% / 82.85%
||
7 Day CHG~0.00%
Published-27 Nov, 2007 | 19:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.

Action-Not Available
Vendor-iaprcommencen/a
Product-iapr_commencen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-7.03% / 91.11%
||
7 Day CHG~0.00%
Published-23 Nov, 2007 | 20:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.

Action-Not Available
Vendor-talkbackn/a
Product-talkbackn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 80.40%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 21:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

Action-Not Available
Vendor-limesurveyn/a
Product-limesurveyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.02% / 89.31%
||
7 Day CHG~0.00%
Published-20 Nov, 2007 | 11:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-joomlaequipmentn/a
Product-jusern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-6042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 63.07%
||
7 Day CHG~0.00%
Published-20 Nov, 2007 | 19:00
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-swsoftn/a
Product-confixx_professionaln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5914
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.83% / 89.11%
||
7 Day CHG~0.00%
Published-10 Nov, 2007 | 02:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.

Action-Not Available
Vendor-jean_charlesn/a
Product-jbc_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5185
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-31.66% / 96.65%
||
7 Day CHG~0.00%
Published-03 Oct, 2007 | 14:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/.

Action-Not Available
Vendor-phpwcms-xtn/a
Product-phpwcms-xtn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5321
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.57% / 90.76%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 22:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.

Action-Not Available
Vendor-verlihub-projectn/a
Product-verlihub_control_paneln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.09% / 77.00%
||
7 Day CHG~0.00%
Published-05 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call.

Action-Not Available
Vendor-jimmacn/a
Product-original_photo_galleryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 80.40%
||
7 Day CHG~0.00%
Published-01 Nov, 2007 | 16:04
Updated-07 Aug, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

Action-Not Available
Vendor-caupo.netn/a
Product-cauposhop_pron/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.26% / 49.52%
||
7 Day CHG~0.00%
Published-14 Oct, 2007 | 19:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.

Action-Not Available
Vendor-michael_dempflen/aJoomla!
Product-joomlajoomla_flash_uploadern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5696
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 63.07%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module.

Action-Not Available
Vendor-phpbasicn/a
Product-phpbasicn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5840
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.67% / 90.85%
||
7 Day CHG+1.65%
Published-06 Nov, 2007 | 21:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.

Action-Not Available
Vendor-syndeocmsn/a
Product-syndeocmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5676
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.45% / 84.59%
||
7 Day CHG~0.00%
Published-24 Oct, 2007 | 23:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nuke_bb_root_path parameter.

Action-Not Available
Vendor-futurenuken/a
Product-platinumn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.10% / 89.42%
||
7 Day CHG~0.00%
Published-08 Oct, 2007 | 23:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php.

Action-Not Available
Vendor-trionicn/a
Product-cite_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5841
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-7.61% / 91.47%
||
7 Day CHG~0.00%
Published-06 Nov, 2007 | 21:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.

Action-Not Available
Vendor-nuboardn/a
Product-nuboardn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5175
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.70% / 81.54%
||
7 Day CHG~0.00%
Published-03 Oct, 2007 | 14:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.

Action-Not Available
Vendor-actsiten/a
Product-actsiten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 9
  • 10
  • Next
Details not found