Vulnerabilities > CVE-2006-5911 - Unspecified vulnerability in Campware.Org Campsite 2.6.0/2.6.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN campware-org
exploit available
Summary
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description Campsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29993 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29993/ title Campsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Issue.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29982 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29982/ title Campsite 2.6.1 Issue.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Article.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29967 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29967/ title Campsite 2.6.1 Article.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 IPAccess.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29980 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29980/ title Campsite 2.6.1 IPAccess.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 User.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform id EDB-ID:29998 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29998/ title Campsite 2.6.1 User.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29992 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29992/ title Campsite 2.6.1 SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticleTopic.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29974 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29974/ title Campsite 2.6.1 ArticleTopic.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Country.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29977 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29977/ title Campsite 2.6.1 Country.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Event.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29979 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29979/ title Campsite 2.6.1 Event.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:30004 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/30004/ title Campsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform id EDB-ID:29997 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29997/ title Campsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 UserType.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform id EDB-ID:29999 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29999/ title Campsite 2.6.1 UserType.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticleImage.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29971 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29971/ title Campsite 2.6.1 ArticleImage.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticleComment.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29969 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29969/ title Campsite 2.6.1 ArticleComment.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticleType.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29975 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29975/ title Campsite 2.6.1 ArticleType.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticleTypeField.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29976 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29976/ title Campsite 2.6.1 ArticleTypeField.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Publication.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29987 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29987/ title Campsite 2.6.1 Publication.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 implementation/management/configuration.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:30003 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/30003/ title Campsite 2.6.1 implementation/management/configuration.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Section.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform id EDB-ID:29988 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29988/ title Campsite 2.6.1 Section.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 LocalizerConfig.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:30005 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/30005/ title Campsite 2.6.1 - LocalizerConfig.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Topic.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29996 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29996/ title Campsite 2.6.1 Topic.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Alias.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29966 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29966/ title Campsite 2.6.1 Alias.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 LocalizerLanguage.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:30006 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/30006/ title Campsite 2.6.1 - LocalizerLanguage.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticleData.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29970 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29970/ title Campsite 2.6.1 ArticleData.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 SubscriptionDefaultTime.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29991 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29991/ title Campsite 2.6.1 SubscriptionDefaultTime.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 DatabaseObject.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29978 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29978/ title Campsite 2.6.1 DatabaseObject.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticleIndex.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29972 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29972/ title Campsite 2.6.1 ArticleIndex.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 TimeUnit.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29995 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29995/ title Campsite 2.6.1 TimeUnit.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Subscription.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29990 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29990/ title Campsite 2.6.1 Subscription.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticleAttachment.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29968 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29968/ title Campsite 2.6.1 ArticleAttachment.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 IssuePublish.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29983 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29983/ title Campsite 2.6.1 IssuePublish.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ArticlePublish.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29973 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29973/ title Campsite 2.6.1 ArticlePublish.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Image.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform id EDB-ID:29981 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29981/ title Campsite 2.6.1 Image.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29994 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29994/ title Campsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 ShortURL.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29989 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29989/ title Campsite 2.6.1 ShortURL.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Log.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29985 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29985/ title Campsite 2.6.1 Log.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 Language.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29984 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29984/ title Campsite 2.6.1 Language.php g_documentRoot Parameter Remote File Inclusion description Campsite 2.6.1 LoginAttempts.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform id EDB-ID:29986 last seen 2016-02-03 modified 2007-05-08 published 2007-05-08 reporter anonymous source https://www.exploit-db.com/download/29986/ title Campsite 2.6.1 LoginAttempts.php g_documentRoot Parameter Remote File Inclusion
References
- http://code.campware.org/projects/campsite/changeset/6057
- http://code.campware.org/projects/campsite/changeset/6057
- http://code.campware.org/projects/campsite/changeset/6058
- http://code.campware.org/projects/campsite/changeset/6058
- http://code.campware.org/projects/campsite/query?milestone=2.6.2
- http://code.campware.org/projects/campsite/query?milestone=2.6.2
- http://code.campware.org/projects/campsite/ticket/2349
- http://code.campware.org/projects/campsite/ticket/2349
- http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936
- http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936
- http://www.osvdb.org/34187
- http://www.osvdb.org/34187
- http://www.osvdb.org/34188
- http://www.osvdb.org/34188
- http://www.osvdb.org/34189
- http://www.osvdb.org/34189
- http://www.osvdb.org/34190
- http://www.osvdb.org/34190
- http://www.osvdb.org/34191
- http://www.osvdb.org/34191
- http://www.osvdb.org/34192
- http://www.osvdb.org/34192
- http://www.osvdb.org/34193
- http://www.osvdb.org/34193
- http://www.osvdb.org/34194
- http://www.osvdb.org/34194
- http://www.osvdb.org/34195
- http://www.osvdb.org/34195
- http://www.osvdb.org/34196
- http://www.osvdb.org/34196
- http://www.osvdb.org/34197
- http://www.osvdb.org/34197
- http://www.osvdb.org/34198
- http://www.osvdb.org/34198
- http://www.osvdb.org/34199
- http://www.osvdb.org/34199
- http://www.osvdb.org/34200
- http://www.osvdb.org/34200
- http://www.osvdb.org/34201
- http://www.osvdb.org/34201
- http://www.osvdb.org/34202
- http://www.osvdb.org/34202
- http://www.osvdb.org/34203
- http://www.osvdb.org/34203
- http://www.osvdb.org/34204
- http://www.osvdb.org/34204
- http://www.osvdb.org/34205
- http://www.osvdb.org/34205
- http://www.osvdb.org/34206
- http://www.osvdb.org/34206
- http://www.osvdb.org/34207
- http://www.osvdb.org/34207
- http://www.osvdb.org/34208
- http://www.osvdb.org/34208
- http://www.osvdb.org/34209
- http://www.osvdb.org/34209
- http://www.osvdb.org/34210
- http://www.osvdb.org/34210
- http://www.osvdb.org/34211
- http://www.osvdb.org/34211
- http://www.osvdb.org/34212
- http://www.osvdb.org/34212
- http://www.osvdb.org/34213
- http://www.osvdb.org/34213
- http://www.osvdb.org/34214
- http://www.osvdb.org/34214
- http://www.osvdb.org/34215
- http://www.osvdb.org/34215
- http://www.osvdb.org/34216
- http://www.osvdb.org/34216
- http://www.osvdb.org/34217
- http://www.osvdb.org/34217
- http://www.osvdb.org/34218
- http://www.osvdb.org/34218
- http://www.osvdb.org/34219
- http://www.osvdb.org/34219
- http://www.osvdb.org/34220
- http://www.osvdb.org/34220
- http://www.osvdb.org/34221
- http://www.osvdb.org/34221
- http://www.osvdb.org/34222
- http://www.osvdb.org/34222
- http://www.osvdb.org/34223
- http://www.osvdb.org/34223
- http://www.osvdb.org/34224
- http://www.osvdb.org/34224
- http://www.osvdb.org/34225
- http://www.osvdb.org/34225
- http://www.securityfocus.com/bid/23874
- http://www.securityfocus.com/bid/23874