Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.
NVD-CWE-Other
CVE-2007-2547
Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
CVE-2007-2548
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to “Cookie Manipulation.”
CVE-2007-2549
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.
CVE-2007-2550
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with “ccSID” to (1) cart.php or (2) index.php.
CVE-2007-2551
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.