Alex Downloadengine vulnerabilities
2 known vulnerabilities affecting alex/downloadengine.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2006-5291P3HIGHCVSS 7.5PoCv1.4.22006-10-16
CVE-2006-5291 [HIGH] CWE-94 CVE-2006-5291: PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-En
PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2
nvd
CVE-2006-5459P4HIGHCVSS 7.5≤ 1.4.22006-10-23
CVE-2006-5459 [HIGH] CVE-2006-5459: Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in adm
nvd