VYPR

Downloadengine

by Alex

CVEs (2)

  • CVE-2006-5291Oct 16, 2006
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party…

  • CVE-2006-5459Oct 23, 2006
    risk 0.00cvss epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3)…