CVE-2006-5220
published 2006-10-10CVE-2006-5220: Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via…
PriorityP343medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
8.78%
94.5th percentile
Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| objective_development | webyep | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Objective Development WebYep 1.1.9 WYApplication.php webyep_sIncludePath code injection (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] Objective Development WebYep 1.1.9 WYApplication.php webyep_sIncludePath code injection (EDB-2496 / XFDB-29397)
A vulnerability labeled as critical has been found in Objective Development WebYep 1.1.9. This affects an unknown part of the file WYApplication.php. Such manipulation of the argument webyep_sIncludePath leads to code injection.
This vulnerability is uniquely identified as CVE-2006-5220. The attack can be launched remotely. Moreover, an exploit is present.
VulDB
PHP Web WebYep WYPath.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYPath.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability was found in PHP Web WebYep. It has been classified as critical. This affects an unknown function of the file WYPath.php. The manipulation of the argument webyep_sIncludePath leads to improper privilege management.
This vulnerability is traded as CVE-2006-5220. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
VulDB
PHP Web WebYep WYFile.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYFile.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability classified as critical was found in PHP Web WebYep. This vulnerability affects unknown code of the file WYFile.php. The manipulation of the argument webyep_sIncludePath results in improper privilege management.
This vulnerability is cataloged as CVE-2006-5220. The attack may be launched remotely. Furthermore, there is an exploit available.
VulDB
PHP Web WebYep WYLongTextElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYLongTextElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability classified as critical has been found in PHP Web WebYep. Impacted is an unknown function of the file WYLongTextElement.php. This manipulation of the argument webyep_sIncludePath causes improper privilege management.
This vulnerability is tracked as CVE-2006-5220. The attack is possible to be carried out remotely. Moreover, an exploit is present.
VulDB
PHP Web WebYep WYImageElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYImageElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability marked as critical has been reported in PHP Web WebYep. This vulnerability affects unknown code of the file WYImageElement.php. The manipulation of the argument webyep_sIncludePath leads to improper privilege management.
This vulnerability is referenced as CVE-2006-5220. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
VulDB
PHP Web WebYep WYShortTextElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYShortTextElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability, which was classified as critical, was found in PHP Web WebYep. This affects an unknown function of the file WYShortTextElement.php. Executing a manipulation of the argument webyep_sIncludePath can lead to improper privilege management.
This vulnerability is registered as CVE-2006-5220. It is possible to launch the attack remotely. Furthermore, an exploit is available.
VulDB
PHP Web WebYep WYImage.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYImage.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability, which was classified as critical, was found in PHP Web WebYep. Impacted is an unknown function of the file WYImage.php. Such manipulation of the argument webyep_sIncludePath leads to improper privilege management.
This vulnerability is documented as CVE-2006-5220. The attack can be executed remotely. Additionally, an exploit exists.
VulDB
PHP Web WebYep WYHTMLTag.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYHTMLTag.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability, which was classified as critical, has been found in PHP Web WebYep. This issue affects some unknown processing of the file WYHTMLTag.php. This manipulation of the argument webyep_sIncludePath causes improper privilege management.
This vulnerability is registered as CVE-2006-5220. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
VulDB
PHP Web WebYep WYElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability classified as critical has been found in PHP Web WebYep. This affects an unknown part of the file WYElement.php. The manipulation of the argument webyep_sIncludePath leads to improper privilege management.
This vulnerability is listed as CVE-2006-5220. The attack may be initiated remotely. In addition, an exploit is available.
VulDB
PHP Web WebYep WYPopupWindowLink.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYPopupWindowLink.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability was found in PHP Web WebYep. It has been declared as critical. This impacts an unknown function of the file WYPopupWindowLink.php. The manipulation of the argument webyep_sIncludePath results in improper privilege management.
This vulnerability is known as CVE-2006-5220. It is possible to launch the attack remotely. Furthermore, an exploit is available.
VulDB
PHP Web WebYep WYDocument.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYDocument.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability marked as critical has been reported in PHP Web WebYep. Affected by this vulnerability is an unknown functionality of the file WYDocument.php. Performing a manipulation of the argument webyep_sIncludePath results in improper privilege management.
This vulnerability is identified as CVE-2006-5220. The attack can be initiated remotely. Additionally, an exploit exists.
VulDB
PHP Web WebYep WYLanguage.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYLanguage.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability has been found in PHP Web WebYep and classified as critical. The affected element is an unknown function of the file WYLanguage.php. Performing a manipulation of the argument webyep_sIncludePath results in improper privilege management.
This vulnerability is reported as CVE-2006-5220. The attack is possible to be carried out remotely. Moreover, an exploit is present.
VulDB
PHP Web WebYep WYLink.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYLink.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability was found in PHP Web WebYep and classified as critical. The impacted element is an unknown function of the file WYLink.php. Executing a manipulation of the argument webyep_sIncludePath can lead to improper privilege management.
This vulnerability appears as CVE-2006-5220. The attack may be performed from remote. In addition, an exploit is available.
VulDB
PHP Web WebYep WYMenuElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYMenuElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability, which was classified as critical, has been found in PHP Web WebYep. The impacted element is an unknown function of the file WYMenuElement.php. Performing a manipulation of the argument webyep_sIncludePath results in improper privilege management.
This vulnerability is cataloged as CVE-2006-5220. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
VulDB
PHP Web WebYep WYGuestbookElement.php privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYGuestbookElement.php privileges management (EDB-2496 / XFDB-29397)
A vulnerability labeled as critical has been found in PHP Web WebYep. This affects an unknown part of the file WYGuestbookElement.php. Executing a manipulation can lead to improper privilege management.
The identification of this vulnerability is CVE-2006-5220. The attack may be launched remotely. Furthermore, there is an exploit available.
VulDB
PHP Web WebYep WYEditor.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYEditor.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability described as critical has been identified in PHP Web WebYep. Affected by this issue is some unknown functionality of the file WYEditor.php. Executing a manipulation of the argument webyep_sIncludePath can lead to improper privilege management.
This vulnerability is tracked as CVE-2006-5220. The attack can be launched remotely. Moreover, an exploit is present.
VulDB
PHP Web WebYep WYTextArea.php privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYTextArea.php privileges management (EDB-2496 / XFDB-29397)
A vulnerability categorized as critical has been discovered in PHP Web WebYep. Affected by this vulnerability is an unknown functionality of the file WYTextArea.php. Such manipulation leads to improper privilege management.
This vulnerability is uniquely identified as CVE-2006-5220. The attack can be launched remotely. Moreover, an exploit is present.
VulDB
PHP Web WebYep WYLogonButtonElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYLogonButtonElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability described as critical has been identified in PHP Web WebYep. This issue affects some unknown processing of the file WYLogonButtonElement.php. The manipulation of the argument webyep_sIncludePath results in improper privilege management.
This vulnerability is identified as CVE-2006-5220. The attack can be executed remotely. Additionally, an exploit exists.
VulDB
PHP Web WebYep WYGalleryElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYGalleryElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability identified as critical has been detected in PHP Web WebYep. Affected by this issue is some unknown functionality of the file WYGalleryElement.php. Performing a manipulation of the argument webyep_sIncludePath results in improper privilege management.
This vulnerability was named CVE-2006-5220. The attack may be initiated remotely. In addition, an exploit is available.
VulDB
PHP Web WebYep WYLoopElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYLoopElement.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability classified as critical was found in PHP Web WebYep. The affected element is an unknown function of the file WYLoopElement.php. Such manipulation of the argument webyep_sIncludePath leads to improper privilege management.
This vulnerability is listed as CVE-2006-5220. The attack may be performed from remote. In addition, an exploit is available.
VulDB
PHP Web WebYep WYSelectMenu.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
vuldb·2026-04-24·CVSS 5.1
CVE-2006-5220 [MEDIUM] PHP Web WebYep WYSelectMenu.php webyep_sIncludePath privileges management (EDB-2496 / XFDB-29397)
A vulnerability was found in PHP Web WebYep. It has been rated as critical. Affected is an unknown function of the file WYSelectMenu.php. This manipulation of the argument webyep_sIncludePath causes improper privilege management.
This vulnerability is handled as CVE-2006-5220. The attack can be initiated remotely. Additionally, an exploit exists.
GHSA
GHSA-jc7h-wrg4-22rv: Multiple PHP remote file inclusion vulnerabilities in WebYep 1
ghsa_unreviewed·2022-05-01
CVE-2006-5220 [MEDIUM] CWE-94 GHSA-jc7h-wrg4-22rv: Multiple PHP remote file inclusion vulnerabilities in WebYep 1
Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.
No detection rules found.
No writeups or analysis indexed.
http://advisories.echo.or.id/adv/adv48-theday-2006.txthttp://secunia.com/advisories/22336http://securityreason.com/securityalert/1702http://securitytracker.com/id?1017023http://www.obdev.at/products/webyep/release-notes.htmlhttp://www.osvdb.org/29643http://www.osvdb.org/29644http://www.osvdb.org/29645http://www.osvdb.org/29646http://www.osvdb.org/29647http://www.osvdb.org/29648http://www.osvdb.org/29649http://www.osvdb.org/29650http://www.osvdb.org/29651http://www.osvdb.org/29652http://www.osvdb.org/29653http://www.osvdb.org/29654http://www.osvdb.org/29655http://www.osvdb.org/29656http://www.osvdb.org/29657http://www.osvdb.org/29658http://www.osvdb.org/29659http://www.osvdb.org/29660http://www.osvdb.org/29661http://www.osvdb.org/29662http://www.osvdb.org/29663http://www.securityfocus.com/archive/1/448009/100/0/threadedhttp://www.securityfocus.com/bid/20406http://www.vupen.com/english/advisories/2006/3972https://exchange.xforce.ibmcloud.com/vulnerabilities/29397https://www.exploit-db.com/exploits/2496http://advisories.echo.or.id/adv/adv48-theday-2006.txthttp://secunia.com/advisories/22336http://securityreason.com/securityalert/1702http://securitytracker.com/id?1017023http://www.obdev.at/products/webyep/release-notes.htmlhttp://www.osvdb.org/29643http://www.osvdb.org/29644http://www.osvdb.org/29645http://www.osvdb.org/29646http://www.osvdb.org/29647http://www.osvdb.org/29648http://www.osvdb.org/29649http://www.osvdb.org/29650http://www.osvdb.org/29651http://www.osvdb.org/29652http://www.osvdb.org/29653http://www.osvdb.org/29654http://www.osvdb.org/29655http://www.osvdb.org/29656http://www.osvdb.org/29657http://www.osvdb.org/29658http://www.osvdb.org/29659http://www.osvdb.org/29660http://www.osvdb.org/29661http://www.osvdb.org/29662http://www.osvdb.org/29663http://www.securityfocus.com/archive/1/448009/100/0/threadedhttp://www.securityfocus.com/bid/20406http://www.vupen.com/english/advisories/2006/3972https://exchange.xforce.ibmcloud.com/vulnerabilities/29397https://www.exploit-db.com/exploits/2496
2006-10-10
Published