o0xxdark0o

CVE-2007-3228 EXPLOITDB text WORKING POC

Sitellite CMS <= 4.2.12 - Remote File Inclusion via FORUM[LIB] Parameter

PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the PhpDocumentor directory tree is blocked by .htaccess.

View Code

CVE-2007-3230 EXPLOITDB text WORKING POC

Sitellite - Remote File Inclusion via htmlclass_path Parameter

PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter.

View Code

CVE-2007-3270 EXPLOITDB text WORKING POC

phpMyInventory 2.8 - Remote File Inclusion via strIncludePrefix Parameter

PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.

View Code

CVE-2006-5426 EXPLOITDB text WORKING POC

LoCal Calendar System 1.1 - Remote File Inclusion via LIBDIR Parameter

PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter.

View Code

CVE-2006-5522 EXPLOITDB text WORKING POC

Johannes Erdfelt Kawf < 1.0 - Remote File Inclusion via Config Parameter

Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php.

View Code