Search Results (6917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5163 1 Nexty 1 Nexty 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request
CVE-2007-5164 1 Universibo 1 Universibo 2026-04-23 N/A
PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request
CVE-2007-5165 1 Myipacng-stats 1 Myipacng-stats 2026-04-23 N/A
PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use
CVE-2007-5166 1 Sitesys 1 Sitesys 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php.
CVE-2007-5167 1 Phplister 1 Phplister 2026-04-23 N/A
PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter.
CVE-2007-5173 2 Openid, Phpbb 2 Openid, Phpbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-5175 1 Actsite 1 Actsite 2026-04-23 N/A
PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.
CVE-2007-5837 1 Yarssr 1 Yarssr 2026-04-23 N/A
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.
CVE-2007-5841 1 Nuboard 1 Nuboard 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2007-5842 1 Vortex Portal 1 Vortex Portal 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php.
CVE-2007-5843 1 Scwiki 1 Scwiki 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
CVE-2007-5845 1 Guppy 1 Guppy 2026-04-23 N/A
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
CVE-2007-5914 1 Jean Charles 1 Jbc Explorer 2026-04-23 N/A
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.
CVE-2007-5994 1 Yappa-ng 1 Yappa-ng 2026-04-23 N/A
PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.
CVE-2007-5995 1 Php-tools 1 Patbbcode 2026-04-23 N/A
PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.
CVE-2007-6038 1 Joomlaequipment 1 Juser 2026-04-23 N/A
PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-6042 1 Swsoft 1 Confixx Professional 2026-04-23 N/A
PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6088 1 Phpbbviet 1 Phpbbviet 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-6089 1 Mebiblio 1 Mebiblio 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
CVE-2007-6105 1 Talkback 1 Talkback 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.