CVE-2006-5481

Castor PHP Web Builder 1.1.1 - Remote Code Execution via rootpath Parameter

Title source: llm
STIX 2.1

Description

Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

References (2)

Core 2
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22527
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4143

Scores

EPSS 0.0123
EPSS Percentile 65.3%

Details

CWE
CWE-94
Status published
Products (1)
castor/castor 1.1.1
Published Oct 24, 2006
Tracked Since Feb 18, 2026