CVE-2006-2005

critical

Description

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25976

http://www.securityfocus.com/bid/17660

http://www.securityfocus.com/archive/1/431873/100/0/threaded

http://www.osvdb.org/25083

http://securityreason.com/securityalert/782

Details

Source: Mitre, NVD

Published: 2006-04-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.1241