Unrated severityNVD Advisory· Published Nov 15, 2006· Updated Apr 23, 2026

CVE-2006-5911

Description

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.

Affected products

Campware.org/Campsite2 versions
cpe:2.3:a:campware.org:campsite:2.6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:campware.org:campsite:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:campware.org:campsite:2.6.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

code.campware.org/projects/campsite/changeset/6057nvdPatch
code.campware.org/projects/campsite/changeset/6058nvdPatch
sourceforge.net/project/shownotes.phpnvdPatch
code.campware.org/projects/campsite/querynvd
code.campware.org/projects/campsite/ticket/2349nvd
www.osvdb.org/34187nvd
www.osvdb.org/34188nvd
www.osvdb.org/34189nvd
www.osvdb.org/34190nvd
www.osvdb.org/34191nvd
www.osvdb.org/34192nvd
www.osvdb.org/34193nvd
www.osvdb.org/34194nvd
www.osvdb.org/34195nvd
www.osvdb.org/34196nvd
www.osvdb.org/34197nvd
www.osvdb.org/34198nvd
www.osvdb.org/34199nvd
www.osvdb.org/34200nvd
www.osvdb.org/34201nvd
www.osvdb.org/34202nvd
www.osvdb.org/34203nvd
www.osvdb.org/34204nvd
www.osvdb.org/34205nvd
www.osvdb.org/34206nvd
www.osvdb.org/34207nvd
www.osvdb.org/34208nvd
www.osvdb.org/34209nvd
www.osvdb.org/34210nvd
www.osvdb.org/34211nvd
www.osvdb.org/34212nvd
www.osvdb.org/34213nvd
www.osvdb.org/34214nvd
www.osvdb.org/34215nvd
www.osvdb.org/34216nvd
www.osvdb.org/34217nvd
www.osvdb.org/34218nvd
www.osvdb.org/34219nvd
www.osvdb.org/34220nvd
www.osvdb.org/34221nvd
www.osvdb.org/34222nvd
www.osvdb.org/34223nvd
www.osvdb.org/34224nvd
www.osvdb.org/34225nvd
www.securityfocus.com/bid/23874nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000