CVE-2006-5308

Open Conference Systems <1.1.6 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5308. PoCs published by k1tk4t.

AI-analyzed exploit summary This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Open Conference Systems <= 1.1.3. It details the vulnerable files and parameters but does not include functional exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by k1tk4t · textwebappsphp
https://www.exploit-db.com/exploits/2536

This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Open Conference Systems <= 1.1.3. It details the vulnerable files and parameters but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Open Conference Systems <= 1.1.3
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker-controlled server to host malicious file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29517
Exploit, Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017071
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22412
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4041
Various Sources x_refsource_misc
http://isc.sans.org/diary.php?storyid=1791
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20567
Various Sources x_refsource_confirm
http://pkp.sfu.ca:8043/bugzilla/show_bug.cgi?id=2436
Various Sources x_refsource_confirm
http://pkp.sfu.ca/ocs_download
Various Sources x_refsource_confirm
http://pkp.sfu.ca:8043/bugzilla/attachment.cgi?id=90
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2536
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448548/100/0/threaded

Scores

EPSS 0.0403
EPSS Percentile 89.3%

Details

Status published
Products (1)
open_conference_systems/open_conference_systems < 1.1.5
Published Oct 17, 2006
Tracked Since Feb 18, 2026