Unrated severityNVD Advisory· Published Nov 15, 2006· Updated Jun 16, 2026

CVE-2006-5906

Description

PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use

Affected products

Jean-Christophe Ramos/Pls Bannieres
cpe:2.3:a:jean-christophe_ramos:pls-bannieres:1.21:*:*:*:*:*:*:*
Jean-Christophe Ramos/SCRIPT BANNIERESllm-fuzzy
Range: 0.1 / 1.21

Patches

Vulnerability mechanics

References

www.securityfocus.com/archive/1/449910/100/200/threadednvd
www.securityfocus.com/archive/1/449927/100/200/threadednvd
www.securityfocus.com/archive/1/449955/100/200/threadednvd
www.securityfocus.com/archive/1/450297/100/200/threadednvd
www.securityfocus.com/bid/20772nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29856nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000