CVE-2006-5911 in Campsite
Summary
by MITRE
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 04/27/2026
The vulnerability described in CVE-2006-5911 represents a critical remote file inclusion flaw affecting Campware Campsite versions prior to 2.6.2. This issue stems from inadequate input validation mechanisms within the application's core components, specifically targeting the g_documentRoot parameter which is used to define the document root path for various PHP scripts. The vulnerability affects a comprehensive list of 39 distinct PHP files across multiple directories within the Campware Campsite implementation structure, making it particularly dangerous as it spans across core management classes, configuration files, and localization components. The flaw allows attackers to inject malicious URLs into the g_documentRoot parameter, which are then processed by the application without proper sanitization, creating a pathway for arbitrary code execution.
The technical exploitation of this vulnerability follows the established patterns of remote file inclusion attacks as classified under CWE-88, where user-supplied input is directly incorporated into file inclusion operations. The affected files include both core application classes such as Alias.php, Article.php, and DatabaseObject.php, as well as critical configuration files like configuration.php, db_connect.php, and LocalizerConfig.php. These files are typically invoked during normal application operation and are particularly vulnerable because they accept external parameters without proper validation. The attack vector operates by constructing a malicious URL that points to attacker-controlled content, which gets executed when the application attempts to include the specified file path. This creates a persistent threat vector that can be exploited across multiple application modules, as evidenced by the extensive list of vulnerable files.
The operational impact of this vulnerability extends far beyond simple code execution, as it provides attackers with complete control over the affected server environment. Successful exploitation can lead to full system compromise, data theft, and persistent backdoor access. The vulnerability's widespread nature across 39 different files means that an attacker only needs to find one entry point to gain access to the entire application infrastructure. This aligns with ATT&CK technique T1190 for exploiting vulnerabilities in web applications and T1059 for executing malicious code through PHP-based attacks. The vulnerability also demonstrates weaknesses in input validation and secure coding practices, particularly the failure to implement proper parameter sanitization and file inclusion restrictions that would prevent external URLs from being processed as legitimate file paths.
Mitigation strategies for this vulnerability must address both immediate remediation and long-term security improvements. The primary solution involves upgrading to Campware Campsite version 2.6.2 or later, which contains the necessary patches to address the input validation flaws. Organizations should also implement strict input validation measures including whitelisting of acceptable file paths, implementing proper parameter sanitization, and using secure file inclusion practices such as the include_once() function with validated paths. Additionally, network-level protections such as web application firewalls and strict access controls should be deployed to limit exposure. The vulnerability highlights the importance of secure coding practices and proper input validation as outlined in OWASP Top 10 categories and should be addressed through comprehensive security testing including static code analysis and dynamic application security testing to prevent similar issues in other applications.