ZoneX 1.0.3 - Publishers Gold Edition is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the phpbb_root_path parameter. This can allow an attacker to execute arbitrary code on the vulnerable system.
Visual Events Calendar v1.1 is vulnerable to a remote inclusion vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a URL in the cfg_dir parameter, which points to a malicious script hosted on a remote server. This script is then included and executed on the vulnerable server.
PHPCodeCabinet (all versions) is vulnerable to a remote file include due to an $BEAUT_PATH not being properly scrubbed. A proof of concept is provided in the form of a URL which includes a malicious file, HFile.php, which would be used as a php shell.
An attacker can exploit a SQL injection vulnerability in YenerTurk Haber Script v1.0 to gain access to the admin credentials. By sending a specially crafted HTTP request to the vulnerable application, an attacker can execute arbitrary SQL commands in the back-end database. This can be exploited to gain access to the admin credentials by sending a request to the vulnerable application containing the following payload: '-1 union select 0,kullanici_adi,2,3,4,5,6,7,8 from admin where id like 1' and '-1 union select 0,sifre,2,3,4,5,6,7,8 from admin where id like 1'
A vulnerability exists in Questwork Web Content Management system (QuestCMS) which allows an attacker to include a remote file by using a malicious URL in the 'pi' parameter in main/main.php. This can be exploited to execute arbitrary PHP code by including a file from a malicious server.
NEWSolved Lite v1.9.2 is vulnerable to Remote File Inclusion due to improper sanitization of the $abs_path parameter. This can lead to Remote File Execution.
Input passed to the "base_dir" is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
The cms from http://www.cms-center.com/ uses no security at all, just a boolean 'isloggedin'. If you submit 'loggedin=1' in the URL of any of the admin pages, you get full controll. The vulnerable code is present in the auth.php file and the vulnerable files are /admin/item_modify.php, /admin/item_list.php, /admin/item_legend.php, /admin/item_detail.php, /admin/index.php, /admin/config_pages.php, /admin/add_item1.php. Proof of the exploit can be found by Googling for 'powered by php mysql simple cms' and typing 'admin/config_pages.php?loggedin=1' behind the url.
The $installed_config_file variable is not properly sanitized before being used, allowing an attacker to include a remote file containing malicious code. This can lead to remote file execution.
A remote file include vulnerability exists in SAPID Shop version 1.2 and earlier. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted HTTP request containing directory traversal sequences and a malicious file path in the GLOBALS[root_path] parameter to the get_tree.inc.php script.
Services By CQR