Strix
26.1K

CVE-2006-5380

UnknownEPSS 1.51%

Last modified

CVE-2006-5380 is a vulnerability of currently unknown severity. Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value. EPSS estimates a 1.51% chance of exploitation in the next 30 days.

Description

Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value

Metrics

EPSS Probability
1.51%

71.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
ContenidoContendio4.6.15

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-5380?
Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value
How severe is CVE-2006-5380?
Severity scoring for CVE-2006-5380 is pending analysis. The EPSS model estimates a 1.51% probability of exploitation in the next 30 days.
How do I fix CVE-2006-5380?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-5380?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST