Unrated severityNVD Advisory· Published Oct 13, 2006· Updated Apr 23, 2026
CVE-2006-5289
CVE-2006-5289
Description
Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php.
Affected products
1- cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6News mentions
0No linked articles in our index yet.