Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-31 | CVE-2006-5612 | Code Injection vulnerability in Michel Pradel Gestart Beta1 PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter. | 7.5 |
2006-10-26 | CVE-2006-5519 | Code Injection vulnerability in Mambweather PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-10-26 | CVE-2006-5517 | Code Injection vulnerability in Rhode Island Secretary of State Open Meetings Filing System Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php. | 7.5 |
2006-10-25 | CVE-2006-5507 | Code Injection vulnerability in DER Dirigent DER Dirigent 1.0.3 Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/. | 7.5 |
2006-10-25 | CVE-2006-5506 | Code Injection vulnerability in Wiclear 0.10 Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/. | 7.5 |
2006-10-25 | CVE-2006-5494 | Code Injection vulnerability in PHPnuke PHP-Nuke 8.0 Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. | 7.5 |
2006-10-24 | CVE-2006-5481 | Code Injection vulnerability in Castor 1.1.1 Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files. | 7.5 |
2006-10-24 | CVE-2006-5480 | Code Injection vulnerability in Castor PHP web Builder 1.1.1 PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter. | 5.1 |
2006-10-20 | CVE-2006-5439 | Code Injection vulnerability in Comdev Misc Tools 4.1 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | 7.5 |
2006-10-20 | CVE-2006-5418 | Code Injection vulnerability in PHPbb Searchindexer PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 6.8 |