CVE-2007-2255
Last modified
CVE-2007-2255 is a vulnerability of currently unknown severity. Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.. EPSS estimates a 1.74% chance of exploitation in the next 30 days.
Description
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Alexscriptengine | Download-Engine | 1.4.3 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-2255?
How severe is CVE-2007-2255?
How do I fix CVE-2007-2255?
Are you affected by CVE-2007-2255?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST