CVE-2006-5911

Name of the Vulnerable Software and Affected Versions Campware Campsite versions prior to 2.6.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the g documentRoot parameter to multiple PHP files, including Alias.php, Article.php, and others in the implementation/management/classes/ directory, as well as configuration.php and db connect.php in the implementation/management/ directory, and LocalizerConfig.php and LocalizerLanguage.php in the implementation/management/priv/localizer/ directory.

Recommendations For Campware Campsite versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using the g documentRoot parameter in the affected API endpoints until the issue is resolved.