Php Exploits
1,334 exploits tracked across all sources.
Nucleus <3.22 - RCE
PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.
by rgod
Xoops < 2.0.13.2 - Path Traversal
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
by rgod
Php Fusion - SQL Injection
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
by rgod
Deluxebb < 1.06 - Unrestricted File Upload
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
by rgod
Sugarcrm - Path Traversal
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
by rgod
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Command Execution
by rgod
Unclassified Newsboard < 1.5.3d - Path Traversal
Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter.
by rgod
Ispconfig < 2.2.2 - Code Injection
PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled
by ReZEN
ActualAnalyzer Pro 6.88 - 'rf' Remote File Inclusion
by ReZEN
Php Fusion - Path Traversal
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.
by rgod
Limbo Cms - SQL Injection
SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by [Oo]
X7 Group X7 Chat - Path Traversal
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
by rgod
I-RATER Platinum - RCE
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.
by O.U.T.L.A.W
Coolmenus - Code Injection
PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is probably erroneous, since CoolMenus does not appear to be written in PHP.
by botan
Phpsurveyor - SQL Injection
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
by rgod
PCPIN Chat 5.0.4 - 'login/language' Remote Code Execution
by rgod
Joomla! 1.0.7 / Mambo 4.5.3 - 'feed' Full Path Disclosure / Denial of Service
by trueend5
Clanscripte.net Fuju News - SQL Injection
SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by snatcher
Fuju News 1.0 - Auth Bypass
edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie.
by snatcher
Blackorpheus Clanmemberskript - SQL Injection
SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter.
by snatcher
PHP Album <0.3.2.3 - RCE
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.
by rgod
sysinfo <2.25 - Code Injection
Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php.
by rgod
Phpwebsite < 0.10.2 - Path Traversal
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".
by rgod
sysinfo <1.21 - Info Disclosure
sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action.
by rgod
By Source