CVE-2006-5291

Name of the Vulnerable Software and Affected Versions Download-Engine version 1.4.2

Description A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the spaw root parameter. This issue is likely a duplicate and may actually reside in a third-party product, SPAW Editor PHP Edition.

Recommendations For Download-Engine version 1.4.2, consider restricting access to the spaw control.class.php file in the admin/includes/spaw directory to minimize the risk of exploitation. Avoid using the spaw root parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.