source: http://www.securityfocus.com/bid/23874/info
Campsite is prone to multiple remote file-include vulnerabilities.
Exploiting this issue allows remote attackers to execute code in the context of the webserver.
This issue affects Campsite 2.6.1. Earlier versions may also be affected.
http://www.example.com/classes/TimeUnit.php?g_DocumentRoot=shell.txt?
{"cve": [{"lastseen": "2019-05-29T18:08:34", "bulletinFamily": "NVD", "description": "Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.", "modified": "2008-09-05T21:13:00", "id": "CVE-2006-5911", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5911", "published": "2006-11-15T15:07:00", "title": "CVE-2006-5911", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the LocalizerLanguage.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the LocalizerLanguage.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34225", "id": "OSVDB:34225", "title": "Campsite LocalizerLanguage.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ArticleImage.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ArticleImage.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34192", "id": "OSVDB:34192", "title": "Campsite ArticleImage.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ShortURL.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ShortURL.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34211", "id": "OSVDB:34211", "title": "Campsite ShortURL.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the SubscriptionDefaultTime.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the SubscriptionDefaultTime.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34213", "id": "OSVDB:34213", "title": "Campsite SubscriptionDefaultTime.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Attachment.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Attachment.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34198", "id": "OSVDB:34198", "title": "Campsite Attachment.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ArticleTypeField.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ArticleTypeField.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34197", "id": "OSVDB:34197", "title": "Campsite ArticleTypeField.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the LocalizerConfig.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the LocalizerConfig.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34224", "id": "OSVDB:34224", "title": "Campsite LocalizerConfig.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the SystemPref.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the SystemPref.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34215", "id": "OSVDB:34215", "title": "Campsite SystemPref.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the DatabaseObject.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the DatabaseObject.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34200", "id": "OSVDB:34200", "title": "Campsite DatabaseObject.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the UserType.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCampsite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the UserType.php script not properly sanitizing user input supplied to the 'g_documentRoot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.campware.org/\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/query?milestone=2.6.2\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6058\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/2349\nVendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/changeset/6057\n[Related OSVDB ID: 34185](https://vulners.com/osvdb/OSVDB:34185)\n[CVE-2006-5911](https://vulners.com/cve/CVE-2006-5911)\n", "modified": "2006-10-13T18:15:53", "published": "2006-10-13T18:15:53", "href": "https://vulners.com/osvdb/OSVDB:34221", "id": "OSVDB:34221", "title": "Campsite UserType.php g_documentRoot Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T11:31:01", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 Event.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29979", "href": "https://www.exploit-db.com/exploits/29979/", "type": "exploitdb", "title": "Campsite 2.6.1 Event.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/Event.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29979/"}, {"lastseen": "2016-02-03T11:31:23", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 Issue.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29982", "href": "https://www.exploit-db.com/exploits/29982/", "type": "exploitdb", "title": "Campsite 2.6.1 Issue.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/Issue.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29982/"}, {"lastseen": "2016-02-03T11:31:48", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 Log.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29985", "href": "https://www.exploit-db.com/exploits/29985/", "type": "exploitdb", "title": "Campsite 2.6.1 Log.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/Log.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29985/"}, {"lastseen": "2016-02-03T11:29:44", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 ArticleComment.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29969", "href": "https://www.exploit-db.com/exploits/29969/", "type": "exploitdb", "title": "Campsite 2.6.1 ArticleComment.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/ArticleComment.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29969/"}, {"lastseen": "2016-02-03T11:29:51", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 ArticleData.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29970", "href": "https://www.exploit-db.com/exploits/29970/", "type": "exploitdb", "title": "Campsite 2.6.1 ArticleData.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/ArticleData.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29970/"}, {"lastseen": "2016-02-03T11:32:21", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 ShortURL.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29989", "href": "https://www.exploit-db.com/exploits/29989/", "type": "exploitdb", "title": "Campsite 2.6.1 ShortURL.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/ShortURL.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29989/"}, {"lastseen": "2016-02-03T11:32:53", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29993", "href": "https://www.exploit-db.com/exploits/29993/", "type": "exploitdb", "title": "Campsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/SystemPref.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29993/"}, {"lastseen": "2016-02-03T11:33:27", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911 . Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29997", "href": "https://www.exploit-db.com/exploits/29997/", "type": "exploitdb", "title": "Campsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/UrlType.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29997/"}, {"lastseen": "2016-02-03T11:29:59", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 ArticleImage.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29971", "href": "https://www.exploit-db.com/exploits/29971/", "type": "exploitdb", "title": "Campsite 2.6.1 ArticleImage.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/ArticleImage.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29971/"}, {"lastseen": "2016-02-03T11:30:47", "bulletinFamily": "exploit", "description": "Campsite 2.6.1 Country.php g_documentRoot Parameter Remote File Inclusion. CVE-2006-5911. Webapps exploit for php platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:29977", "href": "https://www.exploit-db.com/exploits/29977/", "type": "exploitdb", "title": "Campsite 2.6.1 Country.php g_documentRoot Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/23874/info\r\n \r\nCampsite is prone to multiple remote file-include vulnerabilities.\r\n \r\nExploiting this issue allows remote attackers to execute code in the context of the webserver.\r\n \r\nThis issue affects Campsite 2.6.1. Earlier versions may also be affected.\r\n\r\nhttp://www.example.com/classes/Country.php?g_DocumentRoot=shell.txt?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29977/"}]}
