Vulnerability Description
PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softerra | PHP Developer Library | <= 1.5.3 |
References
- http://attrition.org/pipermail/vim/2006-October/001090.html
- http://securityreason.com/securityalert/1763
- http://www.attrition.org/pipermail/vim/2006-October/001094.html
- http://www.securityfocus.com/archive/1/449355/100/0/threaded
FAQ
What is CVE-2006-5473?
CVE-2006-5473 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: t...
How severe is CVE-2006-5473?
CVE-2006-5473 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5473?
Check the references section above for vendor advisories and patch information. Affected products include: Softerra PHP Developer Library.