CVE-2006-5101

critical

Description

PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29220

http://www.vupen.com/english/advisories/2006/3815

http://www.vupen.com/english/advisories/2006/3814

http://www.vupen.com/english/advisories/2006/3813

http://www.vupen.com/english/advisories/2006/3812

http://www.vupen.com/english/advisories/2006/3811

http://www.vupen.com/english/advisories/2006/3810

http://www.vupen.com/english/advisories/2006/3809

http://www.vupen.com/english/advisories/2006/3808

http://www.vupen.com/english/advisories/2006/3807

http://www.vupen.com/english/advisories/2006/3806

http://www.vupen.com/english/advisories/2006/3805

http://www.vupen.com/english/advisories/2006/3804

http://www.vupen.com/english/advisories/2006/3803

http://www.securityfocus.com/archive/1/447213/100/0/threaded

http://www.securityfocus.com/archive/1/447209/100/0/threaded

http://www.securityfocus.com/archive/1/447207/100/0/threaded

http://www.securityfocus.com/archive/1/447201/100/0/threaded

http://www.securityfocus.com/archive/1/447194/100/0/threaded

http://www.securityfocus.com/archive/1/447193/100/0/threaded

http://www.securityfocus.com/archive/1/447192/100/0/threaded

http://www.securityfocus.com/archive/1/447190/100/0/threaded

http://www.securityfocus.com/archive/1/447188/100/0/threaded

http://www.securityfocus.com/archive/1/447187/100/0/threaded

http://www.securityfocus.com/archive/1/447186/100/0/threaded

http://www.securityfocus.com/archive/1/447185/100/0/threaded

http://www.securityfocus.com/archive/1/447184/100/0/threaded

http://www.osvdb.org/29311

http://www.osvdb.org/29310

http://www.osvdb.org/29309

http://www.osvdb.org/29308

http://www.osvdb.org/29307

http://www.osvdb.org/29306

http://www.osvdb.org/29305

http://www.osvdb.org/29304

http://www.osvdb.org/29303

http://www.osvdb.org/29302

http://www.osvdb.org/29301

http://www.osvdb.org/29300

http://www.osvdb.org/29299

http://securityreason.com/securityalert/1658

http://secunia.com/advisories/22170

http://secunia.com/advisories/22169

http://secunia.com/advisories/22168

http://secunia.com/advisories/22157

http://secunia.com/advisories/22154

http://secunia.com/advisories/22153

http://secunia.com/advisories/22151

http://secunia.com/advisories/22149

http://secunia.com/advisories/22147

http://secunia.com/advisories/22135

http://secunia.com/advisories/22134

http://secunia.com/advisories/22133

Details

Source: Mitre, NVD

Published: 2006-10-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02817