2 matches found
CVE-2008-4329
CVE-2008-4329 describes a PHP remote file inclusion in openEngine 2.0 beta4 and earlier. The vulnerability resides in cms/system/openengine.php and allows an attacker to execute arbitrary PHP code by supplying a URL in the oe_classpath parameter. Affected software is openEngine 2.0 beta4 and earl...
CVE-2006-2280
CVE-2006-2280 affects openEngine 1.8 Beta 2 and earlier. A directory traversal in website.php allows remote attackers to list arbitrary directories and read files via a .. in the template parameter. CVSS v2 base score 5.0 (Medium): AV:N/AC:L/Au:N/C:P/I:N/A:N. Exploitation details and patch inform...