Unrated severityNVD Advisory· Published Oct 17, 2006· Updated Jun 16, 2026

CVE-2006-5304

Description

PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

IncCMS/Core2 versions
cpe:2.3:a:inccms_technology:inccms_core:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:inccms_technology:inccms_core:*:*:*:*:*:*:*:*range: <=1.0.0
- (no CPE)range: <=1.0.0

Patches

Vulnerability mechanics

References

www.rahim.webd.pl/exploity/Exploits/100.txtnvdExploit
www.securityfocus.com/bid/20531nvdExploit
secunia.com/advisories/22420nvdVendor Advisory
www.vupen.com/english/advisories/2006/4046nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29567nvd
www.exploit-db.com/exploits/2557nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000