Vulnerabilities (CVE)

Filtered by CWE-94
Total 6417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6305 1 Freedirectoryscript 1 Free Directory Script 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter.
CVE-2008-6287 1 Getmiro 1 Broadcast Machine 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/.
CVE-2008-6251 1 Scripts 1 Phpfan 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
CVE-2008-6223 1 Wotw 1 Way Of The Warrior 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
CVE-2008-6221 2 Dadamailproject, Joomla 2 Dada Mail Manager, Joomla 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2008-6206 1 Robotstats 1 Robotstats 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6196 1 Philippe Crochat 1 Easysite 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6178 2 Fckeditor, Phplist 2 Fckeditor, Phplist 2026-06-16 7.5 HIGH N/A
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
CVE-2008-6138 1 Webbiscuits 1 Modules Controller 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
CVE-2008-6132 1 Brickhost 1 Phpscheduleit 2026-06-16 6.8 MEDIUM N/A
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
CVE-2008-6103 1 A4desk 1 A4desk Flash Event Calendar 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter.
CVE-2008-6099 1 Rportal 1 Rportal 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter.
CVE-2008-6066 1 Meet\#web 1 Meet\#web 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6036 1 Basebuilder 1 Basebuilder 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.
CVE-2008-6023 1 Xnova 1 Xnova 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.
CVE-2008-6022 1 Xnova 1 Xnova 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter.
CVE-2008-6006 1 Minbank 1 Micronation Banking System 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.
CVE-2008-5949 1 Tiddlywiki 1 Cctiddly 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
CVE-2008-5947 1 Yapbb 1 Yapbb 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter.
CVE-2008-5938 1 Modxcms 1 Modxcms 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.