Unrated severityNVD Advisory· Published Sep 28, 2006· Updated Jun 16, 2026

CVE-2006-5067

Description

PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. NOTE: this issue is disputed by CVE; analysis shows that the GLOBALS[config] variable is initialized before being used

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

PHP System Administration Toolkit/PHP System Administration Toolkit2 versions
cpe:2.3:a:php_system_administration_toolkit:php_system_administration_toolkit:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:php_system_administration_toolkit:php_system_administration_toolkit:*:*:*:*:*:*:*:*
- (no CPE)

Patches

Vulnerability mechanics

References

securityreason.com/securityalert/1647nvd
www.attrition.org/pipermail/vim/2006-September/001054.htmlnvd
www.securityfocus.com/archive/1/446882/100/0/threadednvd
www.securityfocus.com/archive/1/450936/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/29133nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000