CVE-2007-5035

openEngine 1.9 beta1 - Remote File Inclusion via this_module_path Parameter

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38727
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25716

Scores

EPSS 0.0135
EPSS Percentile 68.2%

Details

CWE
CWE-20
Status published
Products (3)
openengine/openengine 1.9_beta1
openengine/openengine 1.9_beta2
openengine/openengine 1.9_beta3
Published Sep 24, 2007
Tracked Since Feb 18, 2026