Php Exploits
1,333 exploits tracked across all sources.
gCards < 1.45 - Remote File Inclusion via Directory Traversal in lang Parameter
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
by rgod
gCards < 1.45 - Cross-Site Scripting via lang[*][file] Parameter
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346.
by rgod
Nodez <= 4.6.1.1 - Unauthenticated Sensitive Data Exposure via list.gtdat
Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat.
by rgod
php_icalendar < 2.2.1 - Unauthenticated Arbitrary File Upload via WebDAV PUT Request
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
by rgod
PHP iCalendar <2.21 - Path Traversal
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
by rgod
GuppY 4.5.11 - Directory Traversal and Arbitrary File Write via dwnld.php pg Parameter
Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.
by trueend5
RedBLoG 0.5 - SQL Injection via RSS cat_id Parameter
SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by x128
Gallery < 2.0.4 and 2.1 < RC-2a - Directory Traversal via stepOrder Parameter
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
by rgod
4images image_gallery_management_system < 1.7.1 - Directory Traversal via Template Parameter
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
by rgod
LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta - SQL Injection via Board Module fid Parameter
SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter.
by x128
NOCC Webmail 1.0 - Directory Traversal via Session Parameter or HTTP Header
Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php.
by rgod
Noahs Classifieds 1.3 - 'lowerTemplate' Remote Code Execution
by trueend5
ilchClan 1.05g - SQL Injection via Forum Module pid Parameter
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost.
by x128
BXCP 0.299 - SQL Injection via tid Parameter
SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
by x128
Coppermine Photo Gallery 1.4.3 - Remote Command Execution
by rgod
PHPKIT 1.6.1 Release 2 - Code Injection
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs.
by rgod
DreamCost HostAdmin - Remote File Inclusion via Uninitialized $path Variable
PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use.
by ReZEN
webspell < 4.01.00 - SQL Injection via search.php title_op Parameter
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.
by x128
supersmashbrothers Army System 2.1.0 - SQL Injection via userstat Parameter
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.
by fRoGGz
Flyspray 0.9.7 - Directory Traversal via adodbpath Parameter
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.
by rgod
DocMGR 0.54.2 - Remote File Inclusion via Uninitialized $siteModInfo Variable
process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.
by rgod
runcms < 1.2 - Directory Traversal via bbPath[path] Parameter
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.
by rgod
pwsphp < 1.2.3 - SQL Injection via profil.php aff_news_form Parameter
SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509.
by papipsycho
By Source