CVE-2006-5621
published 2006-10-31CVE-2006-5621: PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.74%
84.3th percentile
PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ask_rave | ask_rave | <= 0.9_pr | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Ask Rave up to 0.8 end.php footfile code injection (EDB-2654 / XFDB-29825)
vuldb·2026-04-26·CVSS 7.5
CVE-2006-5621 [HIGH] Ask Rave up to 0.8 end.php footfile code injection (EDB-2654 / XFDB-29825)
A vulnerability, which was classified as critical, was found in Ask Rave up to 0.8. This impacts an unknown function of the file end.php. The manipulation of the argument footfile results in code injection.
This vulnerability is reported as CVE-2006-5621. The attack can be launched remotely. Moreover, an exploit is present.
You should upgrade the affected component.
GHSA
GHSA-4g2f-q935-7ppv: PHP remote file inclusion vulnerability in end
ghsa_unreviewed·2022-05-01
CVE-2006-5621 [HIGH] CWE-94 GHSA-4g2f-q935-7ppv: PHP remote file inclusion vulnerability in end
PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter.
No detection rules found.
No writeups or analysis indexed.
http://rave.jk-digital.com/blog/2006/12/08/ask_rave-09b-released/http://www.securityfocus.com/bid/20758http://www.vupen.com/english/advisories/2006/4211https://exchange.xforce.ibmcloud.com/vulnerabilities/29825https://www.exploit-db.com/exploits/2654http://rave.jk-digital.com/blog/2006/12/08/ask_rave-09b-released/http://www.securityfocus.com/bid/20758http://www.vupen.com/english/advisories/2006/4211https://exchange.xforce.ibmcloud.com/vulnerabilities/29825https://www.exploit-db.com/exploits/2654
2006-10-31
Published