QwikSec

Security Database

CVE

CWE

Training

CVE-2006-5291

Published: Oct 16, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SREASON

exploit

x_refsource_EXPLOIT-DB

downloadengine-spaw-file-include(29493)

vdb-entry

x_refsource_XF

http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20

x_refsource_MISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup

x_refsource_CONFIRM

20061012 Download-Engine Remote File Include

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.