admin configphp software vulnerabilities
vulnerabilities.aspcode.net
Searching admin configphp software vulnerabilities
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability.
Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php.
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value.
PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.
admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.
Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to (1) config.php, (2) ranklv_inside.php, (3) rankml_inside.php, and (4) admin/Restore/config.php.
Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php.
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: this issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.
MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string.
Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.
Software vulnerabilities results 1 to 20 of 729