2 matches found
CVE-2007-2255
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...
CVE-2006-5459
CVE-2006-5459 documents multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier, allowing an attacker to execute arbitrary PHP code via crafted URLs to parameters in spaw_script.js.php and spaw_control.config.php. Affected files/parameters include spaw_root, $_ENGI...