Page 11 of 52 results (0.006 seconds)

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 3

PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php en WEBInsta CMS 0.3.1 y posiblemente anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro templates_dir. • https://www.exploit-db.com/exploits/2175 http://advisories.echo.or.id/adv/adv45-K-159-2006.txt http://my.opera.com/atomo64/blog/show.dml/443167 http://secunia.com/advisories/21463 http://securityreason.com/securityalert/1400 http://www.securityfocus.com/archive/1/443154/100/0/threaded http://www.securityfocus.com/archive/1/445083/100/0/threaded http://www.securityfocus.com/bid/19489 http://www.vupen.com/english/advisories/2006/3276 https://exchange.xforce.ibmcloud.c •

CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 2

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php. • https://www.exploit-db.com/exploits/1605 http://secunia.com/advisories/19353 http://www.attrition.org/pipermail/vim/2006-March/000649.html http://www.osvdb.org/24058 http://www.osvdb.org/24059 http://www.securityfocus.com/bid/17209 http://www.vupen.com/english/advisories/2006/1052 http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10 https://exchange.xforce.ibmcloud.com/vulnerabilities/25399 • CWE-94: Improper Control of Generation of Code ('Code Injection') •