The OpenSiteAdmin 0.9.7 BETA version is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by injecting a malicious file path in the 'path' parameter of the 'pageHeader.php' file. This allows the attacker to include and execute arbitrary files on the server.
Multiple remote file inclusion vulnerabilities in FreeSchool 1.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) biblioteca/bib_form.php, (2) biblioteca/bib_pldetails.php, (3) biblioteca/bib_plform.php, (4) biblioteca/bib_plsearchc.php, (5) biblioteca/bib_plsearchs.php, (6) biblioteca/bib_save.php, (7) biblioteca/bib_searchc.php, (8) biblioteca/bib_searchs.php, (9) biblioteca/edi_form.php, (10) biblioteca/edi_save.php, (11) biblioteca/gen_form.php, (12) biblioteca/gen_save.php, (13) biblioteca/lin_form.php, (14) biblioteca/lin_save.php, (15) biblioteca/luo_form.php, (16) biblioteca/luo_save.php, (17) biblioteca/sog_form.php, (18) biblioteca/sog_save.php, (19) calendario/cal_insert.php, (20) calendario/cal_save.php, or (21) calendario/cal_saveactivity.php.
The variable $phpbb_root_path is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
This exploit allows an attacker to include remote files in the MailForm software. The vulnerability exists in the 'index.php' file, specifically in the 'theme' parameter. By manipulating this parameter, an attacker can execute arbitrary code from a remote location.
The FusionForge 5.0 application is vulnerable to multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary remote files, leading to remote code execution.
The Direct News 4.10.2 script is vulnerable to multiple remote file inclusion vulnerabilities. The affected files include 'menu.php', 'update_content.php', 'class.backup.php', and 'lib.menu.php'. These vulnerabilities allow an attacker to include arbitrary remote files by manipulating the 'rootpath' or 'adminroot' parameters. This can lead to remote code execution and compromise the security of the application.
Public Media Manager <= 1.3 has a vulnerability in the forms_dir parameter of the comcal/calmenu.php file. An attacker can include a remote file using the forms_dir parameter, which can lead to remote code execution.
The variable $mosConfig_absolute_path is not properly sanitized, allowing an attacker to inject a simple PHP script and gain system access. The vulnerability can be exploited when register_globals=on and allow_url_fopen=on.
The variable $domain is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
The variable $_CONF[path] is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script. The vulnerability can be exploited by injecting an evil script into the _CONF[path] parameter in various GeekLog plugins. The affected plugins include links, polls, spamx, and more.