CVE-2006-5101

Comdev CSV Importer <4.1 - Code Injection

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.

References (53)

Core 53
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22170
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3807
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3811
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29300
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29310
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447190/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22147
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22157
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447192/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447194/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29303
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3806
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22153
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22169
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3809
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3813
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1658
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29305
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447209/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29311
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447187/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29307
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447213/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22168
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447207/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29304
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22149
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3808
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447186/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3804
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22135
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29306
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22154
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22134
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3812
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447201/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3810
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29308
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22133
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29302
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447188/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3805
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29220
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29301
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3803
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29299
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447185/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447193/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22151
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3814
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447184/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29309
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3815

Scores

EPSS 0.0375
EPSS Percentile 88.5%

Details

CWE
CWE-94
Status published
Products (2)
comdev/comdev_csv_importer 3.1
comdev/comdev_csv_importer 4.1
Published Oct 03, 2006
Tracked Since Feb 18, 2026