CVE-2006-2811

critical

Description

Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26981

http://www.securityfocus.com/bid/18232

http://www.securityfocus.com/archive/1/459572/100/0/threaded

http://www.securityfocus.com/archive/1/456893/100/200/threaded

http://www.securityfocus.com/archive/1/435590/100/0/threaded

http://www.osvdb.org/27229

http://www.osvdb.org/27228

http://www.osvdb.org/27227

http://www.osvdb.org/27226

http://www.osvdb.org/27225

http://www.osvdb.org/27224

http://www.osvdb.org/27223

http://www.osvdb.org/27222

http://www.osvdb.org/27221

http://www.osvdb.org/27220

http://www.osvdb.org/27219

http://www.osvdb.org/27218

http://www.osvdb.org/27217

http://www.osvdb.org/27216

http://www.osvdb.org/27215

http://www.osvdb.org/27214

http://www.osvdb.org/27213

http://www.osvdb.org/27212

http://www.osvdb.org/27211

http://www.osvdb.org/27209

http://securityreason.com/securityalert/1033

Details

Source: Mitre, NVD

Published: 2006-06-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03608