CVE-2006-5459

🗓️ 23 Oct 2006 17:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 46 Views🌐 WEB

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlie

Reporter	Title	Published	Views	Family All 4
Cvelist	CVE-2006-5459	23 Oct 200617:00	–	cvelist
EUVD	EUVD-2006-5444	7 Oct 202500:30	–	euvd
NVD	CVE-2006-5459	23 Oct 200617:07	–	nvd
Prion	Remote file inclusion	25 Apr 200717:19	–	prion

NVD

Node

alex downloadengineRange≤1.4.2

Source	Link
securityreason	www.securityreason.com/securityalert/1761
securityfocus	www.securityfocus.com/archive/1/448574/100/100/threaded

Parameter	Position	Path	Description	CWE
$_ENGINE[eng_dir]	query param	admin/includes/spaw/spaw_script.js.php	Remote file inclusion via URL parameter in spaw_script.js.php
spaw_root	query param	admin/includes/spaw/spaw_script.js.php	Remote file inclusion via URL parameter in spaw_script.js.php
$_ENGINE[eng_dir]	query param	admin/includes/spaw/config/spaw_control.config.php	Remote file inclusion via multiple parameters in spaw_control.config.php
$spaw_root	query param	admin/includes/spaw/config/spaw_control.config.php	Remote file inclusion via multiple parameters in spaw_control.config.php
$spaw_dir	query param	admin/includes/spaw/config/spaw_control.config.php	Remote file inclusion via multiple parameters in spaw_control.config.php
$spaw_base_url	query param	admin/includes/spaw/config/spaw_control.config.php	Remote file inclusion via multiple parameters in spaw_control.config.php

16 Jun 2026 22:31Current

7.5High risk

Vulners AI Score7.5

CVSS 27.5

EPSS0.01216

cve-2006-5459 php remote file inclusion download-engine vulnerability security