CVE-2006-5381
published 2006-10-18CVE-2006-5381: Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other…
PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.12%
62.0th percentile
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contenido | contendio | — | — |
| contenido | contendio | — | — |
| contenido | contendio | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2006-10-18
Published