Vulnerabilities (CVE)

Filtered by vendor Peopleaggregator Subscribe
Filtered by product Peopleaggregator
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5631 1 Peopleaggregator 1 Peopleaggregator 2024-11-21 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.