Unrated severityNVD Advisory· Published Feb 15, 2007· Updated Jun 16, 2026
CVE-2006-7024
CVE-2006-7024
Description
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:harpia:harpia_cms:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:harpia:harpia_cms:*:*:*:*:*:*:*:*range: <=1.0.5
- (no CPE)range: <=1.0.5
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.