Unrated severityNVD Advisory· Published Mar 23, 2006· Updated Apr 16, 2026

CVE-2006-1371

Description

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

Affected products

Xhp/CMS
cpe:2.3:a:xhp:cms:*:*:*:*:*:*:*:*
Range: <=0.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19353nvdExploitPatchVendor Advisory
www.vupen.com/english/advisories/2006/1052nvdVendor Advisory
www.attrition.org/pipermail/vim/2006-March/000649.htmlnvd
www.osvdb.org/24058nvd
www.osvdb.org/24059nvd
www.securityfocus.com/bid/17209nvd
xhp.targetit.ro/index.phpnvd
exchange.xforce.ibmcloud.com/vulnerabilities/25399nvd
www.exploit-db.com/exploits/1605nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000