CVE-2006-5480

Published: Oct 24, 2006Modified: Apr 23, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.

Affected (1)

Products: Castor: Php Web Builder

Castor

1 product

Php Web Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Castor Php Web Builder	Version 1.1.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://secunia.com/advisories/22527

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/bid/20658

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2006/4143

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/29704

Source: cve@mitre.org

https://www.exploit-db.com/exploits/2606

Source: cve@mitre.org

http://secunia.com/advisories/22527