Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file inclusion vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-2616
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote malicious users to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.
Ezupload Ezupload 2.2
4 EDB exploits
NA
CVE-2006-4063
Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get...
Csaba Godor Sapid Blog Beta 2 Initial
4 EDB exploits
NA
CVE-2009-2218
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents...
David Degner Phpcollegeexchange 0.1.5c
1 EDB exploit
NA
CVE-2009-2219
Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote malicious users to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to...
David Degner Phpcollegeexchange 0.1.5c
1 EDB exploit
NA
CVE-2002-1887
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote malicious users to execute arbitrary PHP code via the l parameter.
Gregory Kokanosky Phpmynewsletter 0.6.10
2 EDB exploits
NA
CVE-2009-4543
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote malicious users to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. ...
Cromosoft Facil Helpdesk 2.3
1 EDB exploit
NA
CVE-2009-0596
Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.
Phpskelsite Phpskelsite 1.4
1 EDB exploit
NA
CVE-2006-4278
PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the mainnav parameter.
Sportsphool Sportsphool 1.0
2 EDB exploits
NA
CVE-2009-4699
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
Skadate Skadate Online Dating Software 6.0
Skadate Skadate Online Dating Software 6.482
Skadate Skadate Online Dating Software
Skadate Skadate Online Dating Software 5.0
1 EDB exploit
NA
CVE-2009-4700
Directory traversal vulnerability in index.php in SkaDate Dating allows remote malicious users to read arbitrary files via a .. (dot dot) in the layout parameter.
Skadate Skadate Online Dating Software 5.0
Skadate Skadate Online Dating Software
Skadate Skadate Online Dating Software 6.482
Skadate Skadate Online Dating Software 6.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »