CVE-2006-4920
Site@School <2.4.02 - RCE
Title source: llmDescription
Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.
Exploits (1)
References (8)
Scores
EPSS
0.0885
EPSS Percentile
92.6%
Details
Status
published
Products (1)
siteatschool/siteatschool
< 2.4.02
Published
Sep 21, 2006
Tracked Since
Feb 18, 2026