beks

2 exploits Active since Jan 2007

CVE-2007-0172 EXPLOITDB text WRITEUP

AllMyGuests < 0.3 - Remote File Inclusion via AMG_serverpath Parameter

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

View Code

CVE-2007-1021 EXPLOITDB text WORKING POC

CodeAvalanche News 1.x - SQL Injection

SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.

View Code