CVE-2006-5308

🗓️ 17 Oct 2006 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 41 Views🌐 WEB

CVE-2006-5308: Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in include/theme.inc.php or include/footer.inc.php

Reporter	Title	Published	Views	Family All 3
Cvelist	CVE-2006-5308	17 Oct 200615:00	–	cvelist
NVD	CVE-2006-5308	17 Oct 200615:07	–	nvd
Tenable Nessus	Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion	18 Oct 200600:00	–	nessus

NVD

Node

open_conference_systems open_conference_systemsRange≤1.1.5

Source	Link
isc	www.isc.sans.org/diary.php
pkp	www.pkp.sfu.ca:8043/bugzilla/show_bug.cgi
exploit-db	www.exploit-db.com/exploits/2536
securityfocus	www.securityfocus.com/bid/20567
securityfocus	www.securityfocus.com/archive/1/448548/100/0/threaded
secunia	www.secunia.com/advisories/22412
vupen	www.vupen.com/english/advisories/2006/4041
securitytracker	www.securitytracker.com/id
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/29517
pkp	www.pkp.sfu.ca:8043/bugzilla/attachment.cgi

Parameter	Position	Path	Description	CWE
fullpath	query param	include/theme.inc.php	Remote PHP file inclusion via the fullpath parameter allows arbitrary PHP code execution.
fullpath	query param	include/footer.inc.php	Remote PHP file inclusion via the fullpath parameter allows arbitrary PHP code execution.

23 Apr 2026 00:35Current

7.7High risk

Vulners AI Score7.7

CVSS 27.5

EPSS0.18433