CVE-2006-5507

Published: Oct 25, 2006Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/.

Affected (1)

Products: Der Dirigent: Der Dirigent

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Der Dirigent Der Dirigent	Version 1.0.3

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (30)

http://packetstormsecurity.org/0610-exploits/Derdirigent.txt

Source: cve@mitre.org

http://secunia.com/advisories/22546

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/29950

Source: cve@mitre.org

http://www.osvdb.org/29951

Source: cve@mitre.org

http://www.osvdb.org/29952

Source: cve@mitre.org

http://www.osvdb.org/29953

Source: cve@mitre.org

http://www.osvdb.org/29954

Source: cve@mitre.org

http://www.osvdb.org/29955

Source: cve@mitre.org

http://www.osvdb.org/29956

Source: cve@mitre.org

http://www.osvdb.org/29957

Source: cve@mitre.org

http://www.osvdb.org/29958

Source: cve@mitre.org

http://www.osvdb.org/29959

Source: cve@mitre.org

http://www.securityfocus.com/bid/20702

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4164

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/29760

Source: cve@mitre.org

http://packetstormsecurity.org/0610-exploits/Derdirigent.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22546

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/29950

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29951

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29952

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29953

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29954

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29955

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29956

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29957

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29958

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29959

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/20702

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/4164

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/29760

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.