CyberSec.Space Logo
Back to CVE Browser

CVE-2006-5292

HIGH
7.5
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile28.48th
PublishedOct 16, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.

Affected Platforms (CPE)

πŸ“¦
Exhibit Engine

Exhibit Engine

= 1.5_rc4
πŸ“¦
Exhibit Engine

Exhibit Engine

= 1.22

References & Advisories

πŸ”— http://www.securityfocus.com/bid/20447
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/29424
πŸ”— https://www.exploit-db.com/exploits/2509
πŸ”— http://www.securityfocus.com/bid/20447
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/29424
πŸ”— https://www.exploit-db.com/exploits/2509

Related Vulnerabilities

CVE-2006-718310.0

PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute a...

CVE-2005-18757.5

Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL com...

CVE-2006-71846.8

Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to ex...

CVE-2006-023010.0

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which al...