CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-4719

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile26.00th
Published2008年10月23日
Last Modified2026年4月23日

Vulnerability Description

PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329.

Affected Platforms (CPE)

📦
Openengine

Openengine

= 2.0

References & Advisories

🔗 http://securityreason.com/securityalert/4478
🔗 http://www.securityfocus.com/bid/31423
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45482
🔗 https://www.exploit-db.com/exploits/6585
🔗 http://securityreason.com/securityalert/4478
🔗 http://www.securityfocus.com/bid/31423
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45482
🔗 https://www.exploit-db.com/exploits/6585

関連する脆弱性情報

CVE-2008-432910.0

PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers t...

CVE-2007-50357.5

PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers ...

CVE-2006-22805.0

Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary di...

CVE-2008-524410.0

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the la...