Vulnerabilities > CVE-2006-5911 - Remote File Include vulnerability in Campware.Org Campsite 2.6.0/2.6.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
campware-org
exploit available
NVD
Published: 2006-11-15
Updated: 2008-09-05

Summary

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.

Vulnerable Configurations

Part Description Count
Application
Campware.Org
2

Exploit-Db

  • descriptionCampsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29993
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29993/
    titleCampsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Issue.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29982
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29982/
    titleCampsite 2.6.1 Issue.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Article.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29967
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29967/
    titleCampsite 2.6.1 Article.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 IPAccess.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29980
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29980/
    titleCampsite 2.6.1 IPAccess.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 User.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform
    idEDB-ID:29998
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29998/
    titleCampsite 2.6.1 User.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29992
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29992/
    titleCampsite 2.6.1 SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticleTopic.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29974
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29974/
    titleCampsite 2.6.1 ArticleTopic.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Country.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29977
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29977/
    titleCampsite 2.6.1 Country.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Event.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29979
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29979/
    titleCampsite 2.6.1 Event.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:30004
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/30004/
    titleCampsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform
    idEDB-ID:29997
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29997/
    titleCampsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 UserType.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform
    idEDB-ID:29999
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29999/
    titleCampsite 2.6.1 UserType.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticleImage.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29971
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29971/
    titleCampsite 2.6.1 ArticleImage.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticleComment.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29969
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29969/
    titleCampsite 2.6.1 ArticleComment.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticleType.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29975
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29975/
    titleCampsite 2.6.1 ArticleType.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticleTypeField.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29976
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29976/
    titleCampsite 2.6.1 ArticleTypeField.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Publication.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29987
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29987/
    titleCampsite 2.6.1 Publication.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 implementation/management/configuration.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:30003
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/30003/
    titleCampsite 2.6.1 implementation/management/configuration.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Section.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform
    idEDB-ID:29988
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29988/
    titleCampsite 2.6.1 Section.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 LocalizerConfig.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:30005
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/30005/
    titleCampsite 2.6.1 - LocalizerConfig.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Topic.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29996
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29996/
    titleCampsite 2.6.1 Topic.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Alias.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29966
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29966/
    titleCampsite 2.6.1 Alias.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 LocalizerLanguage.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:30006
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/30006/
    titleCampsite 2.6.1 - LocalizerLanguage.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticleData.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29970
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29970/
    titleCampsite 2.6.1 ArticleData.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 SubscriptionDefaultTime.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29991
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29991/
    titleCampsite 2.6.1 SubscriptionDefaultTime.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 DatabaseObject.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29978
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29978/
    titleCampsite 2.6.1 DatabaseObject.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticleIndex.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29972
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29972/
    titleCampsite 2.6.1 ArticleIndex.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 TimeUnit.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29995
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29995/
    titleCampsite 2.6.1 TimeUnit.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Subscription.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29990
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29990/
    titleCampsite 2.6.1 Subscription.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticleAttachment.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29968
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29968/
    titleCampsite 2.6.1 ArticleAttachment.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 IssuePublish.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29983
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29983/
    titleCampsite 2.6.1 IssuePublish.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ArticlePublish.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29973
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29973/
    titleCampsite 2.6.1 ArticlePublish.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Image.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform
    idEDB-ID:29981
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29981/
    titleCampsite 2.6.1 Image.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29994
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29994/
    titleCampsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 ShortURL.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29989
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29989/
    titleCampsite 2.6.1 ShortURL.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Log.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29985
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29985/
    titleCampsite 2.6.1 Log.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 Language.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29984
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29984/
    titleCampsite 2.6.1 Language.php g_documentRoot Parameter Remote File Inclusion
  • descriptionCampsite 2.6.1 LoginAttempts.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform
    idEDB-ID:29986
    last seen2016-02-03
    modified2007-05-08
    published2007-05-08
    reporteranonymous
    sourcehttps://www.exploit-db.com/download/29986/
    titleCampsite 2.6.1 LoginAttempts.php g_documentRoot Parameter Remote File Inclusion

References