K3ZZAP66345

4 exploits Active since Aug 2007
CVE-2007-5186 EXPLOITDB text WRITEUP
Segue CMS < 1.8.4 - Remote Code Execution via themesdir Parameter
PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. NOTE: this issue was disputed, but the dispute was retracted after additional analysis.
CVE-2007-5185 EXPLOITDB text WORKING POC
phpwcms-xt < 0.0.7_beta - Remote Code Execution via HTML_MENU_DirPath Parameter
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/.
CVE-2007-4279 EXPLOITDB text WRITEUP
FrontAccounting 1.12 Build 31 - RCE
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
CVE-2007-5117 EXPLOITDB text WRITEUP
FrontAccounting 1.13 - Remote Code Execution via path_to_root Parameter
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.