Alexscriptengine : Security Vulnerabilities, CVEs,

CVE-2007-2289

PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW.
Max CVSS
7.5
EPSS Score
1.08%
Published
2007-04-26
Updated
2018-10-16

CVE-2007-2255

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.
Max CVSS
7.5
EPSS Score
2.37%
Published
2007-04-25
Updated
2018-10-16

CVE-2007-1791

SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
0.21%
Published
2007-03-31
Updated
2017-10-11
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close