Published: 15/11/2006 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 940

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite prior to 2.6.2 allow remote malicious users to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
campware.org campsite 2.6.1
campware.org campsite 2.6.0

source: wwwsecurityfocuscom/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities Exploiting this issue allows remote attackers to execute code in the context of the webserver This issue affects Campsite 261 Earlier versions may also be affected wwwexamplecom/cl ...

Get Started

CVE-2006-5911

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect