CVE-2006-5910 in Campsiteinfo

Summary

by MITRE

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/27/2026

The vulnerability described in CVE-2006-5910 represents a critical remote file inclusion flaw affecting Campware Campsite versions prior to 20061110. This security weakness resides in the application's handling of user-supplied input within the g_documentRoot parameter, which is processed in two specific php files: bugreporter/thankyou.php and feedback/thankyou.php located within the implementation/management/priv/ directory structure. The vulnerability enables malicious actors to inject arbitrary PHP code by manipulating the g_documentRoot parameter with a URL, effectively bypassing normal input validation mechanisms and creating an avenue for remote code execution.

From a technical perspective, this vulnerability manifests as a classic remote file inclusion (RFI) issue that falls under CWE-88, which specifically addresses the injection of untrusted input into a command or function that executes operating system commands. The flaw occurs because the application directly incorporates user-provided data into file inclusion operations without proper sanitization or validation. When the g_documentRoot parameter is passed to the application's file handling functions, it allows attackers to specify external URLs that are then included and executed as PHP code. This type of vulnerability is particularly dangerous because it enables attackers to execute arbitrary commands on the target server with the privileges of the web application.

The operational impact of this vulnerability is severe and far-reaching for affected organizations. Attackers can leverage this weakness to gain complete control over the vulnerable web server, potentially leading to data breaches, system compromise, and unauthorized access to sensitive information. The vulnerability affects critical components of the Campware Campsite application, specifically the feedback and bug reporting modules, which are commonly used by users and administrators. This means that any user interacting with these modules could inadvertently trigger the exploit, making the attack surface broader than initially apparent. The remote nature of the vulnerability eliminates the need for physical access to the target system, significantly increasing the attack vector accessibility.

Organizations affected by this vulnerability should immediately implement comprehensive mitigation strategies to protect their systems. The primary remediation involves upgrading to Campware Campsite version 20061110 or later, which contains patches addressing this specific issue. Additionally, administrators should implement input validation controls at the application level, ensuring that all user-supplied parameters are properly sanitized before being processed. Network-level protections such as web application firewalls and intrusion detection systems should be configured to monitor for suspicious URL patterns that may indicate attempts to exploit this vulnerability. The mitigation approach should align with security frameworks such as the mitre ATT&CK framework, specifically targeting the T1190 technique for exploitation of remote file inclusion vulnerabilities. Organizations should also conduct thorough security assessments to identify any other potential RFI vulnerabilities within their web applications and implement proper parameter validation mechanisms throughout their codebase to prevent similar issues from occurring in the future.

Reservation

11/15/2006

Disclosure

11/15/2006

Moderation

accepted

Entry

VDB-33273

CPE

ready

Exploit

Download

EPSS

0.02545

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!