CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
94.9%
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
Vendor | Product | Version | CPE |
---|---|---|---|
owl | owl_intranet_engine | 0.6 | cpe:2.3:a:owl:owl_intranet_engine:0.6:*:*:*:*:*:*:* |
owl | owl_intranet_engine | 0.8 | cpe:2.3:a:owl:owl_intranet_engine:0.8:*:*:*:*:*:*:* |
owl | owl_intranet_engine | 0.72 | cpe:2.3:a:owl:owl_intranet_engine:0.72:*:*:*:*:*:*:* |
owl | owl_intranet_engine | 0.73 | cpe:2.3:a:owl:owl_intranet_engine:0.73:*:*:*:*:*:*:* |
owl | owl_intranet_engine | 0.82 | cpe:2.3:a:owl:owl_intranet_engine:0.82:*:*:*:*:*:*:* |