CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Alex: >> Downloadengine >> 1.4.2 Security Vulnerabilities

CVE-2006-5291

PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656.

CVSS Score

7.5

EPSS Score

0.13

Published

2006-10-16

Page 1

Vulnerabilities

Vulnerable Software

Alex: >> Downloadengine >> 1.4.2 Security Vulnerabilities

Products

Pricing

Contact Us