CVE-2006-5767 in Drake CMS
Summary
by MITRE
PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/26/2026
The vulnerability identified as CVE-2006-5767 represents a critical remote file inclusion flaw in the Drake CMS content management system version 0.2.2 alpha rev.846 and earlier. This vulnerability resides within the includes/xhtml.php file and demonstrates a classic security misconfiguration that enables attackers to inject malicious code through improperly validated user input. The flaw specifically affects the d_root parameter which is used to determine the root directory for XHTML processing within the CMS framework, creating an avenue for unauthorized code execution.
The technical implementation of this vulnerability stems from insufficient input validation and sanitization within the PHP application code. When the d_root parameter is passed to the xhtml.php file, the application fails to properly validate or sanitize the input before using it in file inclusion operations. This creates a path traversal condition where an attacker can inject a URL containing malicious PHP code into the d_root parameter. The vulnerability directly maps to CWE-88, which describes improper neutralization of argument delimiters in a command or query, and CWE-94, which encompasses the execution of arbitrary code due to improper input validation. The flaw operates at the application layer and specifically affects PHP-based web applications that utilize user-supplied input for dynamic file operations.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with complete control over the affected web server. Once exploited, adversaries can execute arbitrary PHP commands with the privileges of the web server process, potentially leading to full system compromise. This vulnerability enables attackers to upload backdoors, steal sensitive data, modify content, or use the compromised server as a staging point for further attacks within the network. The attack surface is particularly concerning given that the vulnerability affects an alpha version of the software, suggesting that the developers had not yet implemented proper security controls. According to ATT&CK framework category T1190, this vulnerability falls under the exploitation of remote services, while T1059 represents the execution of code through command injection techniques.
Mitigation strategies for this vulnerability must address both immediate remediation and long-term security hardening. The primary solution involves upgrading to a patched version of Drake CMS where the d_root parameter is properly validated and sanitized before use in file inclusion operations. Organizations should implement input validation controls that reject any non-standard characters or URL patterns in the d_root parameter. Additionally, the principle of least privilege should be enforced by configuring the web server to operate with minimal required permissions and by implementing proper file access controls. Security measures should include disabling remote file inclusion features in PHP configurations and implementing web application firewalls to detect and block suspicious requests containing URL patterns in input parameters. The vulnerability also highlights the importance of regular security assessments and code reviews to identify similar flaws in other application components, as this type of vulnerability commonly appears in applications that do not properly validate user input before using it in dynamic operations.