CVE-2006-5507

Description

Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/.

References

Link	Tags
http://www.osvdb.org/29957	vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/29760	vdb entry
http://www.osvdb.org/29951	vdb entry
http://www.vupen.com/english/advisories/2006/4164	vdb entry vendor advisory
http://www.securityfocus.com/bid/20702	vdb entry
http://www.osvdb.org/29952	vdb entry
http://www.osvdb.org/29954	vdb entry
http://www.osvdb.org/29955	vdb entry
http://www.osvdb.org/29950	vdb entry
http://www.osvdb.org/29958	vdb entry
http://www.osvdb.org/29953	vdb entry
http://www.osvdb.org/29956	vdb entry
http://www.osvdb.org/29959	vdb entry
http://packetstormsecurity.org/0610-exploits/Derdirigent.txt
http://secunia.com/advisories/22546	third party advisory vendor advisory

Frequently Asked Questions

What is the severity of CVE-2006-5507?: CVE-2006-5507 has been scored as a high severity vulnerability.
How to fix CVE-2006-5507?: To fix CVE-2006-5507, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-5507 being actively exploited in the wild?: It is possible that CVE-2006-5507 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions