Описание
PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.
Уязвимые конфигурации
Конфигурация 1Версия до 2.0_beta4 (включая)
Одно из
cpe:2.3:a:openengine:openengine:*:*:*:*:*:*:*:*
cpe:2.3:a:openengine:openengine:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openengine:openengine:1.8_beta2:*:*:*:*:*:*:*
cpe:2.3:a:openengine:openengine:1.9_beta1:*:*:*:*:*:*:*
cpe:2.3:a:openengine:openengine:1.9_beta2:*:*:*:*:*:*:*
cpe:2.3:a:openengine:openengine:1.9_beta3:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.03777
Низкий
10 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.
EPSS
Процентиль: 88%
0.03777
Низкий
10 Critical
CVSS2
Дефекты
CWE-20