Explore Vulnerabilities

Explore all Exploits:

OpenSiteAdmin 0.9.7 BETA Remote File Include Vulnerability

The OpenSiteAdmin 0.9.7 BETA version is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by injecting a malicious file path in the 'path' parameter of the 'pageHeader.php' file. This allows the attacker to include and execute arbitrary files on the server.

FreeSchool <= 1.1.0 Multiple Remote File Include Vulnerability

Multiple remote file inclusion vulnerabilities in FreeSchool 1.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) biblioteca/bib_form.php, (2) biblioteca/bib_pldetails.php, (3) biblioteca/bib_plform.php, (4) biblioteca/bib_plsearchc.php, (5) biblioteca/bib_plsearchs.php, (6) biblioteca/bib_save.php, (7) biblioteca/bib_searchc.php, (8) biblioteca/bib_searchs.php, (9) biblioteca/edi_form.php, (10) biblioteca/edi_save.php, (11) biblioteca/gen_form.php, (12) biblioteca/gen_save.php, (13) biblioteca/lin_form.php, (14) biblioteca/lin_save.php, (15) biblioteca/luo_form.php, (16) biblioteca/luo_save.php, (17) biblioteca/sog_form.php, (18) biblioteca/sog_save.php, (19) calendario/cal_insert.php, (20) calendario/cal_save.php, or (21) calendario/cal_saveactivity.php.

Direct News 4.10.2 Multiple Remote File Include Vulnerability

The Direct News 4.10.2 script is vulnerable to multiple remote file inclusion vulnerabilities. The affected files include 'menu.php', 'update_content.php', 'class.backup.php', and 'lib.menu.php'. These vulnerabilities allow an attacker to include arbitrary remote files by manipulating the 'rootpath' or 'adminroot' parameters. This can lead to remote code execution and compromise the security of the application.

GeekLog <= 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities

The variable $_CONF[path] is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script, injecting a malicious script into the _CONF[path] parameter in various GeekLog plugins. The affected plugins include links, polls, spamx, and more.

Recent Exploits: