VYPR
Unrated severityNVD Advisory· Published May 10, 2006· Updated Jun 16, 2026

CVE-2006-2286

CVE-2006-2286

Description

Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Dokeos/Dokeos2 versions
    cpe:2.3:a:dokeos:dokeos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:dokeos:dokeos:*:*:*:*:*:*:*:*range: <=1.6.3
    • (no CPE)range: <=1.6.3, =2.0.3
  • cpe:2.3:a:dokeos:dokeos_community_release:2.0.3:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.