CVE-2007-5035

PHP remote file inclusion vulnerability in html/modules/extranetprofile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the thismodulepath parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a...

CVE-2007-5035

PHP remote file inclusion vulnerability in html/modules/extranetprofile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the thismodulepath parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a...

PT-2007-6140 · Openengine · Openengine

Name of the Vulnerable Software and Affected Versions: openEngine version 1.9 beta1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the this module path parameter in the html/modules/extranet profile/main.php file. However, it is noted that PHP encounters...

CVE-2007-5035

OpenEngine 1.9 beta1 is associated with a PHP remote file inclusion risk in html/modules/extranet_profile/main.php via the this_module_path parameter. The underlying issue is disputed by CVE because PHP may terminate with a fatal function-call error on direct requests before the include, which af...

Directory traversal

Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. dot dot in the template parameter...

CVE-2006-2280

Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. dot dot in the template parameter...

CVE-2006-2280

CVE-2006-2280 affects openEngine 1.8 Beta 2 and earlier. A directory traversal in website.php allows remote attackers to list arbitrary directories and read files via a .. in the template parameter. CVSS v2 base score 5.0 (Medium): AV:N/AC:L/Au:N/C:P/I:N/A:N. Exploitation details and patch inform...

OpenEngineTraverse.txt

OpenEngine is a PHP based CMS. The parameter "template" is not correctly checked, for this you can include other scripts which will be interpreted. All actual versions are vulnerable up to 1.8 Beta 2, which is the newest one, only the paths and consequences differ. For example you can browse the...

OpenEngine (PHP CMS)

OpenEngine is a PHP based CMS. The parameter "template" is not correctly checked, for this you can include other scripts which will be interpreted. All actual versions are vulnerable up to 1.8 Beta 2, which is the newest one, only the paths and consequences differ. For example you can browse the...

openEngine 1.71.8 - Template Unauthorized Access

openEngine 1.71.8 - Template Unauthorized Access source: https://www.securityfocus.com/bid/17871/info openEngine is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to acce...