CVE-2006-5911
Description
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:campware.org:campsite:2.6.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:campware.org:campsite:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:campware.org:campsite:2.6.1:*:*:*:*:*:*:*
- (no CPE)range: <2.6.2
Patches
Vulnerability mechanics
References
45- code.campware.org/projects/campsite/changeset/6057nvdPatch
- code.campware.org/projects/campsite/changeset/6058nvdPatch
- sourceforge.net/project/shownotes.phpnvdPatch
- code.campware.org/projects/campsite/querynvd
- code.campware.org/projects/campsite/ticket/2349nvd
- www.osvdb.org/34187nvd
- www.osvdb.org/34188nvd
- www.osvdb.org/34189nvd
- www.osvdb.org/34190nvd
- www.osvdb.org/34191nvd
- www.osvdb.org/34192nvd
- www.osvdb.org/34193nvd
- www.osvdb.org/34194nvd
- www.osvdb.org/34195nvd
- www.osvdb.org/34196nvd
- www.osvdb.org/34197nvd
- www.osvdb.org/34198nvd
- www.osvdb.org/34199nvd
- www.osvdb.org/34200nvd
- www.osvdb.org/34201nvd
- www.osvdb.org/34202nvd
- www.osvdb.org/34203nvd
- www.osvdb.org/34204nvd
- www.osvdb.org/34205nvd
- www.osvdb.org/34206nvd
- www.osvdb.org/34207nvd
- www.osvdb.org/34208nvd
- www.osvdb.org/34209nvd
- www.osvdb.org/34210nvd
- www.osvdb.org/34211nvd
- www.osvdb.org/34212nvd
- www.osvdb.org/34213nvd
- www.osvdb.org/34214nvd
- www.osvdb.org/34215nvd
- www.osvdb.org/34216nvd
- www.osvdb.org/34217nvd
- www.osvdb.org/34218nvd
- www.osvdb.org/34219nvd
- www.osvdb.org/34220nvd
- www.osvdb.org/34221nvd
- www.osvdb.org/34222nvd
- www.osvdb.org/34223nvd
- www.osvdb.org/34224nvd
- www.osvdb.org/34225nvd
- www.securityfocus.com/bid/23874nvd
News mentions
0No linked articles in our index yet.