Lucene search
OpenengineOpenengine1.8 beta2
2 matches found
CVE-2006-2280
Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter.
5CVSS6.7AI score0.04655EPSS
CVE-2008-4329
PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.
10CVSS7.5AI score0.01522EPSS