CVE-2006-5123

Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609.

Published: Oct 3, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5123
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phprojekt / phprojekt	-	5.1.1.x
phprojekt / phprojekt	5.1_beta	5.1_beta.x
phprojekt / phprojekt	5.1	5.1.x
phprojekt / phprojekt	5.0.2	5.0.2.x
phprojekt / phprojekt	5.0	5.0.x
phprojekt / phprojekt	5.0.1	5.0.1.x

http://secunia.com/advisories/22167
http://securityreason.com/securityalert/1672
http://www.hardened-php.net/advisory_062006.129.html
http://www.osvdb.org/29290
http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=259
http://www.securityfocus.com/archive/1/447360/100/0/threaded
http://www.securityfocus.com/bid/20268
http://www.vupen.com/english/advisories/2006/3845
https://exchange.xforce.ibmcloud.com/vulnerabilities/29262

Vulnerability Database

290,278

CVE-2006-5123