10
CVE-2008-4329
- EPSS 3.78%
- Veröffentlicht 30.09.2008 17:22:09
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openengine ≫ Openengine Version <= 2.0_beta4
Openengine ≫ Openengine Version1.7.1
Openengine ≫ Openengine Version1.8_beta2
Openengine ≫ Openengine Version1.9_beta1
Openengine ≫ Openengine Version1.9_beta2
Openengine ≫ Openengine Version1.9_beta3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.78% | 0.877 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.