Vulnerability Details CVE-2006-1149
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.16
EPSS Ranking 94.5%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2006-1149
-
cpe:2.3:a:owl:owl_intranet_engine:0.6
-
cpe:2.3:a:owl:owl_intranet_engine:0.72
-
cpe:2.3:a:owl:owl_intranet_engine:0.73
-
cpe:2.3:a:owl:owl_intranet_engine:0.8
-
cpe:2.3:a:owl:owl_intranet_engine:0.82