CVE-2006-5473

critical

Description

PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code

References

http://www.securityfocus.com/archive/1/449355/100/0/threaded

http://www.attrition.org/pipermail/vim/2006-October/001094.html

http://securityreason.com/securityalert/1763

http://attrition.org/pipermail/vim/2006-October/001090.html

Details

Source: Mitre, NVD

Published: 2006-10-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00585