CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4329

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile7.43th
PublishedSep 30, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.

Affected Platforms (CPE)

πŸ“¦
Openengine

Openengine

<= 2.0_beta4
πŸ“¦
Openengine

Openengine

= 1.7.1
πŸ“¦
Openengine

Openengine

= 1.8_beta2
πŸ“¦
Openengine

Openengine

= 1.9_beta1
πŸ“¦
Openengine

Openengine

= 1.9_beta2
πŸ“¦
Openengine

Openengine

= 1.9_beta3

References & Advisories

πŸ”— http://www.securityfocus.com/bid/31413
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45435
πŸ”— https://www.exploit-db.com/exploits/6571
πŸ”— http://www.securityfocus.com/bid/31413
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45435
πŸ”— https://www.exploit-db.com/exploits/6571

Related Vulnerabilities

CVE-2008-47199.3

PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is e...

CVE-2007-50357.5

PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers ...

CVE-2006-22805.0

Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary di...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...