CVE-2006-5911

Description

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.

7.5

CVSS

Severity: High

CVSS 2.0 •

EPSS 2.41% Top 20%

Affected: n/a n/a

References

Link	Tags
http://www.osvdb.org/34217	vdb entry
http://www.osvdb.org/34215	vdb entry
http://www.osvdb.org/34189	vdb entry
http://www.osvdb.org/34214	vdb entry
http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936	patch
http://www.osvdb.org/34198	vdb entry
http://www.osvdb.org/34195	vdb entry
http://www.osvdb.org/34205	vdb entry
http://www.osvdb.org/34187	vdb entry
http://www.osvdb.org/34208	vdb entry
http://www.osvdb.org/34216	vdb entry
http://code.campware.org/projects/campsite/ticket/2349
http://www.osvdb.org/34224	vdb entry
http://code.campware.org/projects/campsite/query?milestone=2.6.2
http://www.osvdb.org/34197	vdb entry
http://www.osvdb.org/34221	vdb entry
http://www.osvdb.org/34213	vdb entry
http://www.osvdb.org/34209	vdb entry
http://www.osvdb.org/34211	vdb entry
http://www.osvdb.org/34191	vdb entry
http://code.campware.org/projects/campsite/changeset/6057	patch
http://www.osvdb.org/34225	vdb entry
http://www.osvdb.org/34203	vdb entry
http://www.osvdb.org/34200	vdb entry
http://www.osvdb.org/34222	vdb entry
http://www.osvdb.org/34223	vdb entry
http://www.osvdb.org/34218	vdb entry
http://www.osvdb.org/34206	vdb entry
http://www.osvdb.org/34199	vdb entry
http://www.osvdb.org/34196	vdb entry
http://www.osvdb.org/34219	vdb entry
http://www.osvdb.org/34201	vdb entry
http://www.securityfocus.com/bid/23874	vdb entry
http://www.osvdb.org/34192	vdb entry
http://www.osvdb.org/34210	vdb entry
http://www.osvdb.org/34188	vdb entry
http://www.osvdb.org/34204	vdb entry
http://www.osvdb.org/34202	vdb entry
http://www.osvdb.org/34190	vdb entry
http://code.campware.org/projects/campsite/changeset/6058	patch
http://www.osvdb.org/34220	vdb entry
http://www.osvdb.org/34207	vdb entry
http://www.osvdb.org/34193	vdb entry
http://www.osvdb.org/34194	vdb entry
http://www.osvdb.org/34212	vdb entry

Frequently Asked Questions

What is the severity of CVE-2006-5911?: CVE-2006-5911 has been scored as a high severity vulnerability.
How to fix CVE-2006-5911?: To fix CVE-2006-5911, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-5911 being actively exploited in the wild?: It is possible that CVE-2006-5911 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.