CVE-2007-2255
Published: Apr 25, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| downloadengine-multiple-file-include(33723) | vdb-entry | x_refsource_XF |
| 35400 | vdb-entry | x_refsource_OSVDB |
| 35399 | vdb-entry | x_refsource_OSVDB |
| 20070417 Remot File Include download_engine_V1.4.3 | mailing-list | x_refsource_BUGTRAQ |
| 2619 | third-party-advisory | x_refsource_SREASON |
| 35398 | vdb-entry | x_refsource_OSVDB |