CVE-2007-5035

Name of the Vulnerable Software and Affected Versions openEngine version 1.9 beta1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the this module path parameter in the html/modules/extranet profile/main.php file. However, it is noted that PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement, which disputes the severity of this issue.

Recommendations For openEngine version 1.9 beta1, consider restricting access to the html/modules/extranet profile/main.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the this module path parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.