CVE-2007-5035

Published: Sep 24, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement

Affected (3)

Products: Openengine: Openengine

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openengine Openengine	Version 1.9_beta1
Openengine Openengine	Version 1.9_beta2
Openengine Openengine	Version 1.9_beta3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://arfis.wordpress.com/2007/09/14/rfi-03-openengine/

Source: cve@mitre.org

http://osvdb.org/38727

Source: cve@mitre.org

http://www.securityfocus.com/bid/25716

Source: cve@mitre.org

http://arfis.wordpress.com/2007/09/14/rfi-03-openengine/

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/38727

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25716

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.