CVE-2006-5101
Last modified
CVE-2006-5101 is a vulnerability of currently unknown severity. PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.. EPSS estimates a 3.65% chance of exploitation in the next 30 days.
Description
PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Comdev | Comdev Csv Importer | 3.1 |
| Comdev | Comdev Csv Importer | 4.1 |
References
- http://secunia.com/advisories/22133Vendor Advisory
- http://secunia.com/advisories/22134Vendor Advisory
- http://secunia.com/advisories/22135Vendor Advisory
- http://secunia.com/advisories/22147Vendor Advisory
- http://secunia.com/advisories/22149Vendor Advisory
- http://secunia.com/advisories/22151Vendor Advisory
- http://secunia.com/advisories/22153Vendor Advisory
- http://secunia.com/advisories/22154Vendor Advisory
- http://secunia.com/advisories/22157Vendor Advisory
- http://secunia.com/advisories/22168Vendor Advisory
- http://secunia.com/advisories/22169Vendor Advisory
- http://secunia.com/advisories/22170Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3804Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3807Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3808Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3809Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3813Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3815Vendor Advisory
- http://secunia.com/advisories/22133Vendor Advisory
- http://secunia.com/advisories/22134Vendor Advisory
- http://secunia.com/advisories/22135Vendor Advisory
- http://secunia.com/advisories/22147Vendor Advisory
- http://secunia.com/advisories/22149Vendor Advisory
- http://secunia.com/advisories/22151Vendor Advisory
- http://secunia.com/advisories/22153Vendor Advisory
- http://secunia.com/advisories/22154Vendor Advisory
- http://secunia.com/advisories/22157Vendor Advisory
- http://secunia.com/advisories/22168Vendor Advisory
- http://secunia.com/advisories/22169Vendor Advisory
- http://secunia.com/advisories/22170Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3804Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3807Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3808Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3809Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3813Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3815Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-5101?
How severe is CVE-2006-5101?
How do I fix CVE-2006-5101?
Are you affected by CVE-2006-5101?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST