CVE-2008-4329

openengine < 2.0_beta4 - Remote File Inclusion via oe_classpath Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4329. PoCs published by dun.

AI-analyzed exploit summary This is a writeup describing a Remote File Inclusion (RFI) vulnerability in openEngine <= 2.0 beta4. The vulnerability allows an attacker to include arbitrary remote files via the `oe_classpath` parameter in `openengine.php`.

Description

PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by dun · textwebappsphp
https://www.exploit-db.com/exploits/6571

This is a writeup describing a Remote File Inclusion (RFI) vulnerability in openEngine <= 2.0 beta4. The vulnerability allows an attacker to include arbitrary remote files via the `oe_classpath` parameter in `openengine.php`.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: openEngine <= 2.0 beta4
No auth needed
Prerequisites: Network access to the target application · PHP remote file inclusion settings enabled on the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31413
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6571
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45435

Scores

EPSS 0.0350
EPSS Percentile 87.7%

Details

CWE
CWE-20
Status published
Products (6)
openengine/openengine 1.7.1
openengine/openengine 1.8_beta2
openengine/openengine 1.9_beta1
openengine/openengine 1.9_beta2
openengine/openengine 1.9_beta3
openengine/openengine < 2.0_beta4
Published Sep 30, 2008
Tracked Since Feb 18, 2026