Vulnerabilities (CVE)

Filtered by CWE-94
Total 6417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-7183 1 Evacms 1 Eva Cms 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php.
CVE-2008-7152 1 Simon Rycroft 1 Sid 2026-06-16 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) client.php or (2) taxonservice.php.
CVE-2008-7123 1 Zkup 1 Zkup 2026-06-16 6.8 MEDIUM N/A
Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.
CVE-2008-7087 1 Openpro 1 Openpro 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.
CVE-2008-7073 2 Ekkaia, Rssmodule 2 Pie Web, Rss Module 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
CVE-2008-7070 1 Kvirc 1 Kvirc 2026-06-16 9.3 HIGH N/A
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
CVE-2008-7067 1 Pagetreecms 1 Page Tree Cms 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
CVE-2008-7042 1 Freshscripts 1 Fresh Email Script 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.
CVE-2008-7034 1 Tigran Abrahamyan 1 Phpecho Cms 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path variable in the fetch function.
CVE-2008-7005 1 Minb 1 Minb Is Not A Blog 2026-06-16 7.5 HIGH N/A
include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution.
CVE-2008-7000 1 Phpauction 1 Phpauction 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
CVE-2008-6983 1 Devalcms 1 Devalcms 2026-06-16 7.5 HIGH N/A
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.
CVE-2008-6958 1 Comsenz 1 Crossday Discuz\! Board 2026-06-16 6.5 MEDIUM N/A
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
CVE-2008-6956 1 Infireal 1 Mxcamarchive 2026-06-16 6.5 MEDIUM N/A
Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6937 1 Jabber 1 Exodus 2026-06-16 10.0 HIGH N/A
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6936 1 Jabber 1 Exodus 2026-06-16 9.3 HIGH N/A
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.
CVE-2008-6935 1 Joe Fuhrman 1 Exodus 2026-06-16 10.0 HIGH N/A
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI.
CVE-2008-6934 1 Sansuart 1 Free Simple Guestbook Php Script 2026-06-16 7.5 HIGH N/A
Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.
CVE-2008-6902 1 2532gigs 1 2532gigs 2026-06-16 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/.
CVE-2008-6900 1 Availscript 1 Availscript Article Script 2026-06-16 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/.