4 matches found
Remote file inclusion
PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insertlink.php in download engine Download-Engine 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spawroot parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in...
CVE-2007-2255
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...
CVE-2007-2255
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...
CVE-2007-2255
CVE-2007-2255 affects Download-Engine 1.4.3 and describes multiple PHP remote file inclusion vulnerabilities. The vulnerabilities allow an attacker to supply a URL in parameters (eng_dir to addmember.php, lang_path to admin/enginelib/class.phpmailer.php, and spaw_root to admin/includes/spaw/dialo...