Unrated severityNVD Advisory· Published Apr 25, 2006· Updated Apr 16, 2026

CVE-2006-2005

Description

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection.

Affected products

Clansys/Clansys
cpe:2.3:a:clansys:clansys:1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdExploit
www.nukedx.comnvdExploit
securityreason.com/securityalert/782nvd
www.osvdb.org/25083nvd
www.securityfocus.com/archive/1/431873/100/0/threadednvd
www.securityfocus.com/bid/17660nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25976nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000