Explore all Exploits:

IPCalc Remote File Include Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'type' and 'cgipath' parameters in the 'ip.inc.php' script. A remote attacker can include arbitrary files from remote hosts and execute arbitrary code on the vulnerable system.

MP3 Streaming DownSampler for PHP v3.0 (fullpath) Remote File Include Exploit

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'fullpath' parameter to the 'Core/core.inc.php' script. This can be exploited to include arbitrary files from remote locations by passing a URL in the 'fullpath' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the 'php.ini' configuration file.

freePBX v2.1.3

A remote file inclusion vulnerability exists in freePBX v2.1.3. The vulnerability is due to the 'require_once' function in the upgrade.php script, which allows an attacker to include arbitrary files from remote locations. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the 'amp_conf[AMPWEBROOT]' parameter.

PHPMyDesk 1.0beta Remote Command Execution Exploit

This exploit allows an attacker to execute arbitrary commands on a vulnerable system. The vulnerability exists in the viewticket.php file, which includes the pmd-config.php file. The pmd-config.php file contains a variable called $pmdlang, which is used to include a file from the lang directory. An attacker can use this vulnerability to include a remote file and execute arbitrary commands on the vulnerable system.

Hosting Controller 6.1 Hotfix <= 3.2 Multi Vuln.

An unauthenticated user can delete every site's virtual directory on Hosting Controller (HC) sites through the forum component, create a forum virtual directory (with a chosen name) for every site on HC, disable all HC forums by SQL injection, and enable all HC forums by SQL injection. The bugs are in 'DisableForum.asp' and 'enableForum.asp' in the forum directory.

Php League v0.82 (classement.php) Remote SQL Injection Exploit

This exploit allows an attacker to inject malicious SQL commands into a vulnerable web application. The exploit is triggered when the application takes user input and inserts it into a SQL query without proper sanitization. This can allow an attacker to gain access to sensitive information, modify data, or even delete data from the database.

Coppermine Photo Gallery 1.4.9 Remote SQL Injection Vulnerability

This exploit allows an attacker to gain access to the Coppermine Photo Gallery 1.4.9 application by exploiting a Remote SQL Injection vulnerability. The attacker needs a valid user account to exploit this vulnerability. The exploit requires the host, path, table prefix, user id, username and password as parameters. The exploit uses the 'albmgr.php' script to inject a malicious SQL query and extract the user's password.

N/X 2002 Professional Edition Web CMS <= 4.1 (nxheader.inc.php) Remote File Include Exploit

N/X 2002 Professional Edition Web CMS version 4.1 is vulnerable to a remote file include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. This can lead to the execution of arbitrary code on the server.

Recent Exploits: