CVE-2006-5401
published 2006-10-18CVE-2006-5401: PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute…
PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.04%
85.9th percentile
PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aroundme | aroundme | <= 0.5.2 | — |
| aroundme | aroundme | <= 0.6.9 | — |
| aroundme | aroundme | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
AROUNDMe 0.5.1/0.5.2 templatePath file inclusion (EDB-2562 / XFDB-29555)
vuldb·2026-04-25·CVSS 7.5
CVE-2006-5401 [HIGH] AROUNDMe 0.5.1/0.5.2 templatePath file inclusion (EDB-2562 / XFDB-29555)
A vulnerability categorized as critical has been discovered in AROUNDMe 0.5.1/0.5.2. The affected element is an unknown function. Such manipulation of the argument templatePath leads to file inclusion.
This vulnerability is uniquely identified as CVE-2006-5401. The attack can be launched remotely. Moreover, an exploit is present.
GHSA
GHSA-5xh3-x2qg-jg8r: PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password
ghsa_unreviewed·2022-05-01
CVE-2006-5401 [HIGH] GHSA-5xh3-x2qg-jg8r: PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password
PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter.
GHSA
GHSA-g254-gcxh-rw2x: Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-5533 [HIGH] GHSA-g254-gcxh-rw2x: Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0
Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401.
No detection rules found.
No writeups or analysis indexed.
2006-10-18
Published