CVE-2006-5436
published 2006-10-20CVE-2006-5436: PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.05%
78.9th percentile
PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freefaq | freefaq | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
FreeFAQ 1.0.e index.php faqpath file inclusion (EDB-28830 / BID-20621)
vuldb·2026-04-25·CVSS 7.5
CVE-2006-5436 [HIGH] FreeFAQ 1.0.e index.php faqpath file inclusion (EDB-28830 / BID-20621)
A vulnerability, which was classified as critical, has been found in FreeFAQ 1.0.e. This affects an unknown function of the file index.php. This manipulation of the argument faqpath causes file inclusion.
This vulnerability is tracked as CVE-2006-5436. The attack is possible to be carried out remotely. Moreover, an exploit is present.
GHSA
GHSA-qg2m-m758-mr3c: PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2006-5436 [HIGH] GHSA-qg2m-m758-mr3c: PHP remote file inclusion vulnerability in index
PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.
No detection rules found.
No writeups or analysis indexed.
2006-10-20
Published