Akarru v0.4.3.34 is vulnerable to a Remote File Include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute arbitrary code on the vulnerable server. The vulnerable parameter is bm_content, which can be exploited by appending a malicious URL to the end of the request. This vulnerability can be exploited to gain remote access to the vulnerable server.
Beautifier v0.1 is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the BEAUT_PATH parameter of the Core.php file. This will allow the attacker to execute arbitrary code on the vulnerable system.
A vulnerability exists in phpFullAnnu v5.1, due to improper validation of user-supplied input in the 'repmod' parameter of the 'modules/home.module.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by supplying a malicious URL in the 'repmod' parameter.
A vulnerability exists in BinGo News v3.01, which allows a remote attacker to include a file from a remote host. The vulnerability is due to the bp_ncom.php script not properly sanitizing user-supplied input to the 'bnrep' parameter. This can be exploited to include arbitrary files from remote hosts by passing an URL in the 'bnrep' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the php.ini file.
Variable $phpbb_root_path not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.
This exploit allows an attacker to execute arbitrary code on the vulnerable server. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'cmd' parameter in 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary code on the server.
A vulnerability exists in Sponge News v2.2, due to the improper validation of user-supplied input in the 'sndir' parameter of the 'news.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by passing a malicious URL in the 'sndir' parameter.
A vulnerability exists in C-News v1.0.1 which allows a remote attacker to include a file from a remote host. The vulnerability is due to the 'path' parameter in the 'affichage/commentaires.php' script not properly sanitized before being used in an include() function call. This can be exploited to include arbitrary files from remote hosts by passing a URL as the 'path' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the php.ini file.
A vulnerability exists in ACGV News v0.9.1 due to improper validation of user-supplied input in the 'PathNews' parameter of the 'article.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by supplying a malicious URL in the 'PathNews' parameter.
A remote SQL injection vulnerability exists in ©ZIXForum 1.12. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The attacker can use the ‘RepId’ parameter in the ‘ReplyNew.asp’ page to inject malicious SQL code and gain access to the admin panel.
Services By CQR