CVE-2006-5767

Published: Nov 6, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.

Affected (1)

Products: Drake Team: Drake Cms

Drake Team

1 product

Drake Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Drake Team Drake Cms	Up to 0.2.2_alpha_r846

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://sourceforge.net/forum/forum.php?forum_id=636860

Source: cve@mitre.org

http://www.attrition.org/pipermail/vim/2006-December/001202.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/20914

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2006/4345

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/30021

Source: cve@mitre.org

https://www.exploit-db.com/exploits/2713

Source: cve@mitre.org

http://sourceforge.net/forum/forum.php?forum_id=636860