CVE-2006-5055
published 2006-09-28CVE-2006-5055: PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.46%
87.6th percentile
PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| forum_one | syntaxcms | <= 1.3 | — |
| forum_one | syntaxcms | — | — |
| forum_one | syntaxcms | — | — |
| forum_one | syntaxcms | — | — |
| forum_one | syntaxcms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Forum One syntaxCMS 1.1.1/1.1.2/1.2.1/1.3 init_path code injection (EDB-2424 / XFDB-29122)
vuldb·2026-04-23·CVSS 7.5
CVE-2006-5055 [HIGH] Forum One syntaxCMS 1.1.1/1.1.2/1.2.1/1.3 init_path code injection (EDB-2424 / XFDB-29122)
A vulnerability was found in Forum One syntaxCMS 1.1.1/1.1.2/1.2.1/1.3. It has been declared as critical. This impacts an unknown function. The manipulation of the argument init_path results in code injection.
This vulnerability is cataloged as CVE-2006-5055. The attack may be launched remotely. Furthermore, there is an exploit available.
GHSA
GHSA-ww65-mqw5-5w26: Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-5105 [HIGH] GHSA-ww65-mqw5-5w26: Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1
Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055.
GHSA
GHSA-5xgm-63rp-xwqv: PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls
ghsa_unreviewed·2022-05-01
CVE-2006-5055 [HIGH] CWE-94 GHSA-5xgm-63rp-xwqv: PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls
PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=full-disclosure&m=115913461828660&w=2http://securitytracker.com/id?1016914http://www.securityfocus.com/bid/20171http://www.syntaxcms.org/content/article/detail/513http://www.vupen.com/english/advisories/2006/3760https://exchange.xforce.ibmcloud.com/vulnerabilities/29122https://www.exploit-db.com/exploits/2424http://marc.info/?l=full-disclosure&m=115913461828660&w=2http://securitytracker.com/id?1016914http://www.securityfocus.com/bid/20171http://www.syntaxcms.org/content/article/detail/513http://www.vupen.com/english/advisories/2006/3760https://exchange.xforce.ibmcloud.com/vulnerabilities/29122https://www.exploit-db.com/exploits/2424
2006-09-28
Published