Unrated severityNVD Advisory· Published Aug 23, 2006· Updated Apr 16, 2026

CVE-2006-4311

Description

PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php.

Affected products

Sonium/Enterprise Adressbook
cpe:2.3:a:sonium:enterprise_adressbook:0.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21553nvdVendor Advisory
www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_%28folder%29_RFI.htmnvd
www.securityfocus.com/archive/1/443701/100/0/threadednvd
www.securityfocus.com/bid/19597nvd
www.vupen.com/english/advisories/2006/3334nvd
exchange.xforce.ibmcloud.com/vulnerabilities/28464nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000