CVE-2006-5431
published 2006-10-20CVE-2006-5431: PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.34%
81.5th percentile
PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpoutsourcing | zorum | <= 3.5 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
PHPOutsourcing Zorum 3.5 appDirName file inclusion (XFDB-29648 / BID-20606)
vuldb·2026-04-25·CVSS 7.5
CVE-2006-5431 [HIGH] PHPOutsourcing Zorum 3.5 appDirName file inclusion (XFDB-29648 / BID-20606)
A vulnerability identified as critical has been detected in PHPOutsourcing Zorum 3.5. This affects an unknown part. This manipulation of the argument appDirName causes file inclusion.
This vulnerability is handled as CVE-2006-5431. The attack can be initiated remotely. There is not any exploit available.
GHSA
GHSA-jg9f-549p-2xpg: PHP remote file inclusion vulnerability in gorum/dbproperty
ghsa_unreviewed·2022-05-01
CVE-2006-5431 [HIGH] GHSA-jg9f-549p-2xpg: PHP remote file inclusion vulnerability in gorum/dbproperty
PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter.
No detection rules found.
No writeups or analysis indexed.
http://securityreason.com/securityalert/1748http://www.securityfocus.com/archive/1/449105/100/0/threadedhttp://www.securityfocus.com/bid/20606https://exchange.xforce.ibmcloud.com/vulnerabilities/29648http://securityreason.com/securityalert/1748http://www.securityfocus.com/archive/1/449105/100/0/threadedhttp://www.securityfocus.com/bid/20606https://exchange.xforce.ibmcloud.com/vulnerabilities/29648
2006-10-20
Published