Unrated severityNVD Advisory· Published Oct 25, 2006· Updated Apr 23, 2026

CVE-2006-5507

Description

Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/.

Affected products

Der Dirigent/Der Dirigent
cpe:2.3:a:der_dirigent:der_dirigent:1.0.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/22546nvdVendor Advisory
www.vupen.com/english/advisories/2006/4164nvdVendor Advisory
packetstormsecurity.org/0610-exploits/Derdirigent.txtnvd
www.osvdb.org/29950nvd
www.osvdb.org/29951nvd
www.osvdb.org/29952nvd
www.osvdb.org/29953nvd
www.osvdb.org/29954nvd
www.osvdb.org/29955nvd
www.osvdb.org/29956nvd
www.osvdb.org/29957nvd
www.osvdb.org/29958nvd
www.osvdb.org/29959nvd
www.securityfocus.com/bid/20702nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29760nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000