CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-5292

HIGH
7.5
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile28.48th
Published2006年10月16日
Last Modified2026年4月23日

Vulnerability Description

PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.

Affected Platforms (CPE)

📦
Exhibit Engine

Exhibit Engine

= 1.5_rc4
📦
Exhibit Engine

Exhibit Engine

= 1.22

References & Advisories

🔗 http://www.securityfocus.com/bid/20447
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/29424
🔗 https://www.exploit-db.com/exploits/2509
🔗 http://www.securityfocus.com/bid/20447
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/29424
🔗 https://www.exploit-db.com/exploits/2509

相關漏洞威脅

CVE-2006-718310.0

PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute a...

CVE-2005-18757.5

Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL com...

CVE-2006-71846.8

Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to ex...

CVE-2006-446110.0

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the pr...