CVE-2006-5678 : PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.

PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_modules_dir parameter. NOTE: CVE disputes this vulnerability, because the inclusion occurs in a function that is not called during a direct request to library.inc.php

Published 2006-11-03 11:07:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2006-5678

J-pierre Dezelus » Les Visiteurs » Version: 2.0.1
cpe:2.3:a:j-pierre_dezelus:les_visiteurs:2.0.1:*:*:*:*:*:*:*
Matching versions
Phpmyconferences » Phpmyconferences » Version: 8.0.2
cpe:2.3:a:phpmyconferences:phpmyconferences:8.0.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-5678

EPSS FAQ

0.96%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-5678

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-01-17
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2006-5678

http://securityreason.com/securityalert/1810

phpMyConferences <= 8.0.2 Remote File Inclusion - CXSecurity.com
http://www.attrition.org/pipermail/vim/2006-November/001105.html

[VIM] CVE dispute - phpMyConferences RFI
Exploit
http://www.securityfocus.com/archive/1/450140/100/0/threaded
http://www.securityfocus.com/archive/1/450467/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/29919

phpMyConferences library.inc.php file include undefined Vulnerability Report

Jump to

Vulnerability Details : CVE-2006-5678

Products affected by CVE-2006-5678

Exploit prediction scoring system (EPSS) score for CVE-2006-5678

CVSS scores for CVE-2006-5678

References for CVE-2006-5678