18 exploits Active since Dec 2003
CVE-2006-6763 EXPLOITDB WORKING POC
Keep It Simple Guest Book - Theme Path Remote File Inclusion Code Execution
Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.
CVE-2006-6764 EXPLOITDB text WORKING POC
Keep It Simple Guest Book 5.1.1 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes parameter.
CVE-2006-6691 EXPLOITDB text WORKING POC
Valdersoft Shopping Cart <3.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php.
CVE-2007-5840 EXPLOITDB text WORKING POC
SyndeoCMS 2.5.01 - Remote Code Execution via cmsdir Parameter
PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.
CVE-2006-4824 EXPLOITDB text WORKING POC
Quicksilver Forums < 1.2.1 - Remote File Inclusion via set[include_path] Parameter
PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.
CVE-2006-5281 EXPLOITDB text WORKING POC
n@board < 3.1.9e - Remote File Inclusion via Skin Parameter
PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter.
CVE-2006-4372 EXPLOITDB text WORKING POC
Mambo com_lurm_constructor <0.6b - RCE
PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
CVE-2006-4296 EXPLOITDB text WRITEUP
Mambo bigAPE-Backup Component - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter.
CVE-2006-4270 EXPLOITDB text WORKING POC
mambelfish_component < 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4203 EXPLOITDB text WORKING POC
Mambo com_mmp <1.2 - Remote Code Execution
PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-1635 EXPLOITDB text WORKING POC
Keep It Simple Guest Book <5.1.1 - Path Traversal
Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.
CVE-2007-5457 EXPLOITDB text WORKING POC
Joomla Flash Uploader 2.5.1 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
CVE-2007-5451 EXPLOITDB text WORKING POC
com_colorlab 1.0 - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2003-1314 EXPLOITDB text WORKING POC
EternalMart Guestbook 1.1 - Remote File Inclusion via emgb_admin_path Parameter
PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.
CVE-2007-2302 EXPLOITDB text WORKING POC
Expow 0.8 - Remote File Inclusion via autoindex.php cfg_file Parameter
PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter.
CVE-2006-5429 EXPLOITDB text WORKING POC
BRIM < 1.2.1 - Remote File Inclusion via Renderer Parameter
Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/.
CVE-2006-6830 EXPLOITDB text WORKING POC
b2_blog < 0.5 - Remote File Inclusion via index Parameter
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
CVE-2006-5307 EXPLOITDB text WORKING POC
AFGB GUESTBOOK 2.2 - Remote File Inclusion via Htmls Parameter
Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the Htmls parameter in (1) add.php, (2) admin.php, (3) look.php, or (4) re.php.