Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513.
NVD-CWE-Other
CVE-2007-1810
SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1811
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
CVE-2007-1812
PHP remote file inclusion vulnerability in utilitaires/gestion_sondage.php in BT-Sondage 112 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire_visiteur parameter.
CVE-2007-1813
SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.
CVE-2007-1814
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.