CVE-2006-5429
Published 2006-10-20
Priority P341 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.68% (83.9th percentile)
Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barry_nauta | brim | <= 1.2.1 | — |
VulDB
Barry Nauta BRIM 1.2.1 Sidebar template.tpl.php renderer file inclusion (EDB-2589 / XFDB-29647)
vuldb·2026-04-25·CVSS 7.5
A vulnerability was found in Barry Nauta BRIM 1.2.1. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file template.tpl.php of the component Sidebar. The manipulation of the argument renderer leads to file inclusion.
This vulnerability is traded as CVE-2006-5429. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
GHSA
GHSA-48m2-xcr6-vx9f: Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1
ghsa_unreviewed·2022-05-01
Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/22465
http://www.securityfocus.com/bid/20594
http://www.vupen.com/english/advisories/2006/4086
https://exchange.xforce.ibmcloud.com/vulnerabilities/29647
https://www.exploit-db.com/exploits/2589