CVE-2008-4719

Name of the Vulnerable Software and Affected Versions openEngine version 2.0 beta2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the oe classpath parameter when register globals is enabled. This is a different vector than previously identified issues.

Recommendations For openEngine version 2.0 beta2, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the oe classpath parameter in the cms/classes/openengine/filepool.php file to minimize the risk of arbitrary PHP code execution.