ID CVE-2006-5911
Summary Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.
References
Vulnerable Configurations
  • cpe:2.3:a:campware.org:campsite:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:campware.org:campsite:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:campware.org:campsite:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:campware.org:campsite:2.6.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 21:13)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 23874
confirm
osvdb
  • 34187
  • 34188
  • 34189
  • 34190
  • 34191
  • 34192
  • 34193
  • 34194
  • 34195
  • 34196
  • 34197
  • 34198
  • 34199
  • 34200
  • 34201
  • 34202
  • 34203
  • 34204
  • 34205
  • 34206
  • 34207
  • 34208
  • 34209
  • 34210
  • 34211
  • 34212
  • 34213
  • 34214
  • 34215
  • 34216
  • 34217
  • 34218
  • 34219
  • 34220
  • 34221
  • 34222
  • 34223
  • 34224
  • 34225
Last major update 05-09-2008 - 21:13
Published 15-11-2006 - 15:07
Last modified 05-09-2008 - 21:13
Back to Top