phpadventure 1.1-Alpha - Remote File Inclusion via _mygamefile Parameter
PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter.
FlashBlog - SQL Injection via articulo_id Parameter
SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter.