Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2006-10-31 CVE-2006-5612 Code Injection vulnerability in Michel Pradel Gestart Beta1
PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter.
network | low complexity | michel-pradel CWE-94 | 7.5
2006-10-26 CVE-2006-5519 Code Injection vulnerability in Mambweather
PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
6.8
2006-10-26 CVE-2006-5517 Code Injection vulnerability in Rhode Island Secretary of State Open Meetings Filing System
Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php.
network | low complexity | rhode-island-secretary-of-state CWE-94 | 7.5
2006-10-25 CVE-2006-5507 Code Injection vulnerability in DER Dirigent DER Dirigent 1.0.3
Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/.
network | low complexity | der-dirigent CWE-94 | 7.5
2006-10-25 CVE-2006-5506 Code Injection vulnerability in Wiclear 0.10
Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/.
network | low complexity | wiclear CWE-94 | 7.5
2006-10-25 CVE-2006-5494 Code Injection vulnerability in PHPnuke PHP-Nuke 8.0
Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters.
network | low complexity | phpnuke CWE-94 | 7.5
2006-10-24 CVE-2006-5481 Code Injection vulnerability in Castor 1.1.1
Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files.
network | low complexity | castor CWE-94 | 7.5
2006-10-24 CVE-2006-5480 Code Injection vulnerability in Castor PHP web Builder 1.1.1
PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.
network | high complexity | castor CWE-94 | 5.1
2006-10-20 CVE-2006-5439 Code Injection vulnerability in Comdev Misc Tools 4.1
PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
network | low complexity | comdev CWE-94 | 7.5
2006-10-20 CVE-2006-5418 Code Injection vulnerability in PHPbb Searchindexer
PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
network | phpbb CWE-94 | 6.8