CVE-2007-5035
openEngine 1.9 beta1 - Remote File Inclusion via this_module_path Parameter
Title source: llmDescription
PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://arfis.wordpress.com/2007/09/14/rfi-03-openengine/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38727
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25716
Scores
EPSS
0.0135
EPSS Percentile
68.2%
Details
CWE
CWE-20
Status
published
Products (3)
openengine/openengine
1.9_beta1
openengine/openengine
1.9_beta2
openengine/openengine
1.9_beta3
Published
Sep 24, 2007
Tracked Since
Feb 18, 2026