Moderate severityNVD Advisory· Published Nov 6, 2006· Updated Apr 23, 2026
CVE-2006-5734
CVE-2006-5734
Description
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmailer/phpmailerPackagist | < 5.2.0 | 5.2.0 |
Affected products
1- cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.3.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-8jc3-5p29-qgjxghsaADVISORY
- github.com/PHPMailer/PHPMailer/security/advisories/GHSA-8jc3-5p29-qgjxghsaWEB
- securityreason.com/securityalert/1823nvd
- www.securityfocus.com/archive/1/449233/100/200/threadednvd
- www.securityfocus.com/bid/20634nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/29693nvd
News mentions
0No linked articles in our index yet.