Vulnerabilities > Openengine
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-23 | CVE-2008-4719 | Code Injection vulnerability in Openengine 2.0 PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329. | 9.3 |
2008-09-30 | CVE-2008-4329 | Improper Input Validation vulnerability in Openengine PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter. | 10.0 |
2006-05-10 | CVE-2006-2280 | Unspecified vulnerability in Openengine 1.7.1/1.8Beta2 Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. | 5.0 |