| CVE-2006-6850 | | 0.04 | — | 0.07 | | Dec 31, 2006 | PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. |
| CVE-2006-4826 | | 0.04 | — | 0.08 | | Sep 15, 2006 | PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
| CVE-2006-4885 | | 0.03 | — | 0.03 | | Sep 19, 2006 | PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826. |
| CVE-2006-1701 | | 0.03 | — | 0.01 | | Apr 11, 2006 | Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. |
