CVE-2006-7006
Description
Disputed PHP remote file inclusion in Somery 0.4.4 via checkauth parameter; analysis shows parameter only used in conditionals, not includes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A PHP remote file inclusion (RFI) vulnerability was claimed in upload/admin/team.php of Robin de Graff Somery 0.4.4, where the checkauth parameter could be supplied with a URL to include arbitrary remote code. However, the CVE disputes this finding because the checkauth variable is only used in conditional statements (e.g., if ($checkauth)) and never as an argument to include() or require(). The original advisory [1] provided a proof-of-concept URL (team.php?checkauth=Command-Shell), but code inspection confirms that checkauth is not used in any file inclusion context.
Exploitation
The original exploit claimed that an attacker could send a crafted HTTP request to team.php with the checkauth parameter set to a remote URL containing malicious PHP code. However, analysis of the source code [1] shows that $checkauth is only evaluated in conditionals (e.g., if ($checkauth)) and is never passed to an include function. Therefore, the described exploitation path is not feasible; the parameter cannot be used to include remote files.
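The dispute rests on a source-level check: does the request-controlled variable ever reach an include or require statement, or does it only gate a branch? The Python sketch below is an added illustration of that triage, not code from the advisory, the CVE record or Somery. The PHP snippets are constructed samples, `classify_param_usage` is a hypothetical helper, and it goes slightly beyond the text by also recognising `$_GET['checkauth']`-style access.

```python
import re

# Heuristic triage, not a PHP parser: comments are stripped with a regex and
# string contents are not understood, so 'other' always means "read the code".
COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL)
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b([^;]*);', re.I)
COND_RE = re.compile(r'\b(?:if|elseif|while)\s*\(', re.I)

def _paren_body(code, start):
    """Text inside the balanced parentheses that open at code[start]."""
    depth = 0
    for i in range(start, len(code)):
        depth += (code[i] == '(') - (code[i] == ')')
        if depth == 0:
            return code[start + 1:i]
    return code[start + 1:]

def classify_param_usage(php_source, param):
    """Return 'include_sink', 'conditional_only', 'other' or 'unused'."""
    code = COMMENT_RE.sub('', php_source)
    # $param (register_globals style) or $_GET['param'] and friends.
    var = re.compile(r'\$(?:_(?:GET|POST|REQUEST|COOKIE)\[[\'"])?'
                     + re.escape(param) + r'\b')
    if any(var.search(m.group(1)) for m in INCLUDE_RE.finditer(code)):
        return 'include_sink'
    total = len(var.findall(code))
    if total == 0:
        return 'unused'
    in_cond = sum(len(var.findall(_paren_body(code, m.end() - 1)))
                  for m in COND_RE.finditer(code))
    return 'conditional_only' if in_cond == total else 'other'

# Constructed samples (not Somery's source code).
GATE_ONLY = '''<?php
// include($checkauth);  (commented out, must not count)
if ($checkauth) {
    include("inc/header.php");
}
'''
DIRECT_SINK = '<?php include($checkauth . "/header.php");'
INDIRECT = '<?php $page = $checkauth; if ($checkauth) { include($page); }'

if __name__ == '__main__':
    for name in ('GATE_ONLY', 'DIRECT_SINK', 'INDIRECT'):
        print(name, classify_param_usage(globals()[name], 'checkauth'))
```

A result of `other` means the variable is copied or used outside a condition, so the file still needs a manual read before a claim is accepted or dismissed.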
Impact
If the vulnerability were valid, it would allow remote attackers to execute arbitrary PHP code on the server, leading to full compromise. However, because the claim is disputed and the code does not support RFI, there is no actual security impact. The CVE record itself disputes the vulnerability [1].
Mitigation
No mitigation is required because the vulnerability is not real. The CVE is disputed, and no patch or workaround has been issued. Users of Somery 0.4.4 are not affected by this specific claim. The dispute is documented in the VIM mailing list [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:robin_de_graff:somery:0.4.4:*:*:*:*:*:*:*
- (no CPE) range: =0.4.4
Patches
No patches discovered yet.
References