CVE-2006-5392
published 2006-10-18CVE-2006-5392: Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the…
PriorityP349high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
9.68%
94.9th percentile
Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opendoc | fullcore | <= 4.4 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
OpenDock sw/index_sw.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-25·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock sw/index_sw.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability marked as critical has been reported in OpenDock. This issue affects some unknown processing of the file sw/index_sw.php. This manipulation of the argument doc_directory causes improper privilege management.
This vulnerability is handled as CVE-2006-5392. The attack can be initiated remotely. Additionally, an exploit exists.
VulDB
OpenDock sw/lib_cart/lib_cart.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock sw/lib_cart/lib_cart.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability has been found in OpenDock and classified as critical. The impacted element is an unknown function in the library tosw/lib_cart/lib_cart.php of the file sw/lib_cart/lib_cart.php. The manipulation of the argument doc_directory leads to improper privilege management.
This vulnerability is listed as CVE-2006-5392. The attack may be initiated remotely. In addition, an exploit is available.
VulDB
OpenDock sw/lib_find/find.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock sw/lib_find/find.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability labeled as critical has been found in OpenDock. This vulnerability affects unknown code in the library sw/lib_find/find.php of the file sw/lib_find/find.php. The manipulation of the argument doc_directory results in improper privilege management.
This vulnerability is known as CVE-2006-5392. It is possible to launch the attack remotely. Furthermore, an exploit is available.
VulDB
OpenDock lib_sys_cart.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock lib_sys_cart.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability was found in OpenDock. It has been classified as critical. This impacts an unknown function in the library sw/lib_cart/lib_sys_cart.php of the file sw/lib_cart/lib_sys_cart.php. This manipulation of the argument doc_directory causes improper privilege management.
This vulnerability is registered as CVE-2006-5392. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
VulDB
OpenDock lib_read_cart.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock lib_read_cart.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability was found in OpenDock and classified as critical. This affects an unknown function in the library sw/lib_cart/lib_read_cart.php of the file sw/lib_cart/lib_read_cart.php. The manipulation of the argument doc_directory results in improper privilege management.
This vulnerability is cataloged as CVE-2006-5392. The attack may be launched remotely. Furthermore, there is an exploit available.
VulDB
OpenDock lib_comment.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock lib_comment.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability identified as critical has been detected in OpenDock. This affects an unknown part in the library sw/lib_comment/lib_comment.php of the file sw/lib_comment/lib_comment.php. The manipulation of the argument doc_directory leads to improper privilege management.
This vulnerability is traded as CVE-2006-5392. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
VulDB
OpenDock comment.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock comment.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability was found in OpenDock. It has been rated as critical. Affected by this vulnerability is an unknown functionality in the library sw/lib_comment/comment.php of the file sw/lib_comment/comment.php. Performing a manipulation of the argument doc_directory results in improper privilege management.
This vulnerability is reported as CVE-2006-5392. The attack is possible to be carried out remotely. Moreover, an exploit is present.
VulDB
OpenDoc FullCore 4.4 sw/lib_cart/cart.php doc_directory file inclusion (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDoc FullCore 4.4 sw/lib_cart/cart.php doc_directory file inclusion (EDB-2570 / XFDB-29578)
A vulnerability, which was classified as critical, has been found in OpenDoc FullCore 4.4. Affected is an unknown function in the library sw/lib_cart/cart.php. This manipulation of the argument doc_directory causes file inclusion.
This vulnerability is registered as CVE-2006-5392. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
VulDB
OpenDock txt_info_cart.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock txt_info_cart.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability was found in OpenDock. It has been declared as critical. Affected is an unknown function in the library sw/lib_cart/txt_info_cart.php of the file sw/lib_cart/txt_info_cart.php. Such manipulation of the argument doc_directory leads to improper privilege management.
This vulnerability is documented as CVE-2006-5392. The attack can be executed remotely. Additionally, an exploit exists.
VulDB
OpenDock find_comment.php doc_directory privileges management (EDB-2570 / XFDB-29578)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5392 [HIGH] OpenDock find_comment.php doc_directory privileges management (EDB-2570 / XFDB-29578)
A vulnerability categorized as critical has been discovered in OpenDock. Affected by this issue is some unknown functionality in the library sw/lib_comment/find_comment.php of the file sw/lib_comment/find_comment.php. Executing a manipulation of the argument doc_directory can lead to improper privilege management.
This vulnerability appears as CVE-2006-5392. The attack may be performed from remote. In addition, an exploit is available.
GHSA
GHSA-v67h-c36f-vh4h: Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4
ghsa_unreviewed·2022-05-01
CVE-2006-5392 [HIGH] GHSA-v67h-c36f-vh4h: Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4
Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/22410http://www.osvdb.org/29906http://www.osvdb.org/29907http://www.osvdb.org/29908http://www.osvdb.org/29909http://www.osvdb.org/29910http://www.osvdb.org/29911http://www.osvdb.org/29912http://www.osvdb.org/29913http://www.osvdb.org/29914http://www.osvdb.org/29915http://www.securityfocus.com/bid/20573http://www.vupen.com/english/advisories/2006/4052https://exchange.xforce.ibmcloud.com/vulnerabilities/29578https://www.exploit-db.com/exploits/2570http://secunia.com/advisories/22410http://www.osvdb.org/29906http://www.osvdb.org/29907http://www.osvdb.org/29908http://www.osvdb.org/29909http://www.osvdb.org/29910http://www.osvdb.org/29911http://www.osvdb.org/29912http://www.osvdb.org/29913http://www.osvdb.org/29914http://www.osvdb.org/29915http://www.securityfocus.com/bid/20573http://www.vupen.com/english/advisories/2006/4052https://exchange.xforce.ibmcloud.com/vulnerabilities/29578https://www.exploit-db.com/exploits/2570
2006-10-18
Published