CVE-2006-5911

critical

Description

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.

References

http://www.securityfocus.com/bid/23874

http://www.osvdb.org/34225

http://www.osvdb.org/34224

http://www.osvdb.org/34223

http://www.osvdb.org/34222

http://www.osvdb.org/34221

http://www.osvdb.org/34220

http://www.osvdb.org/34219

http://www.osvdb.org/34218

http://www.osvdb.org/34217

http://www.osvdb.org/34216

http://www.osvdb.org/34215

http://www.osvdb.org/34214

http://www.osvdb.org/34213

http://www.osvdb.org/34212

http://www.osvdb.org/34211

http://www.osvdb.org/34210

http://www.osvdb.org/34209

http://www.osvdb.org/34208

http://www.osvdb.org/34207

http://www.osvdb.org/34206

http://www.osvdb.org/34205

http://www.osvdb.org/34204

http://www.osvdb.org/34203

http://www.osvdb.org/34202

http://www.osvdb.org/34201

http://www.osvdb.org/34200

http://www.osvdb.org/34199

http://www.osvdb.org/34198

http://www.osvdb.org/34197

http://www.osvdb.org/34196

http://www.osvdb.org/34195

http://www.osvdb.org/34194

http://www.osvdb.org/34193

http://www.osvdb.org/34192

http://www.osvdb.org/34191

http://www.osvdb.org/34190

http://www.osvdb.org/34189

http://www.osvdb.org/34188

http://www.osvdb.org/34187

http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936

http://code.campware.org/projects/campsite/ticket/2349

http://code.campware.org/projects/campsite/query?milestone=2.6.2

http://code.campware.org/projects/campsite/changeset/6058

http://code.campware.org/projects/campsite/changeset/6057

Details

Source: Mitre, NVD

Published: 2006-11-15

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02406