2 matches found
CVE-2006-5291
The vulnerability CVE-2006-5291 affects Download-Engine 1.4.2 through a PHP remote file inclusion in admin/includes/spaw/spaw_control.class.php, exploitable via a URL in the spaw_root parameter to execute arbitrary PHP code on the server. The issue is noted as potentially in the third-party SPAW ...
CVE-2006-5459
CVE-2006-5459 documents multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier, allowing an attacker to execute arbitrary PHP code via crafted URLs to parameters in spaw_script.js.php and spaw_control.config.php. Affected files/parameters include spaw_root, $_ENGI...