Affected products: |  | JOOMLA : D4JeZine 2.8 module for Joomla |
|  | XOOPS : Lykos Reviews 1.00 module for Xoops |
|  | XOOPS : MyAds 2.03 module for Xoops |
|  | XOOPS : Articles 1.02 module for Xoops |
|  | XOOPS : Friendfinder 3.3 module for Xoops |
CVE: |  | CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.) |
|  | CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote attackers to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) smarty_dir, and (5) filename parameters. NOTE: this issue might be related to CVE-2006-7105.) |
|  | CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.) |
|  | CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.) |
|  | CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.) |
|  | CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php.) |
|  | CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.) |
|  | CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action.) |
|  | CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.) |
|  | CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.) |
|  | CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.) |
|  | CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.) |