CVE-2006-5392
Last modified
CVE-2006-5392 is a vulnerability of currently unknown severity. Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts.. EPSS estimates a 9.68% chance of exploitation in the next 30 days.
Description
Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opendoc | Fullcore | <= 4.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-5392?
How severe is CVE-2006-5392?
How do I fix CVE-2006-5392?
Are you affected by CVE-2006-5392?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST