Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-01 | CVE-2006-6212 | Code Injection vulnerability in Webwiz Site News 2.00 PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
| 2006-11-24 | CVE-2006-6086 | Code Injection vulnerability in E-Ark 1.0 PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter. | 5.1 |
| 2006-11-22 | CVE-2006-6041 | Code Injection vulnerability in Laurent VAN DEN Reysen Work System E-Commerce Multiple PHP remote file inclusion vulnerabilities in Laurent Van den Reysen WORK system e-commerce 3.0.2, and other versions before 3.0.4, allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/. | 7.5 |
| 2006-11-11 | CVE-2006-5865 | Code Injection vulnerability in Damien Benier Myalbum PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter. | 7.5 |
| 2006-11-07 | CVE-2006-5788 | Code Injection vulnerability in Iprimal Forums PHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter. | 7.5 |
| 2006-11-06 | CVE-2006-5767 | Code Injection vulnerability in Drake Team Drake CMS PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter. | 6.8 |
| 2006-11-06 | CVE-2006-5764 | Code Injection vulnerability in Free PHP Scripts Free File Hosting PHP remote file inclusion vulnerability in contact.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. | 7.5 |
| 2006-11-06 | CVE-2006-5762 | Code Injection vulnerability in Free PHP Scripts Free File Hosting and Free Image Hosting PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. | 5.1 |
| 2006-11-01 | CVE-2006-5634 | Code Injection vulnerability in PHPprofiles Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php. | 6.8 |
| 2006-10-31 | CVE-2006-5621 | Code Injection vulnerability in ASK Rave ASK Rave PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter. | 7.5 |