CVE-2006-4428
CVE-2006-4428 is a critical-severity vulnerability in Jupiter Cms with a CVSS 3.x base score of 9.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- CVSS v2: 7.5
- EPSS exploit prediction: 4% (90th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Jupiter Cms
- Published:
- Last modified:
Description
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement
Frequently asked questions
- What is CVE-2006-4428?
- PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement
- How severe is CVE-2006-4428?
- CVE-2006-4428 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2006-4428 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (90th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-4428?
- CVE-2006-4428 affects Jupiter Cms. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2006-4428?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2006-4428 published?
- CVE-2006-4428 was published on 2006-08-29 and last updated on 2026-06-16.
References
- http://www.attrition.org/pipermail/vim/2006-August/000996.html
- http://www.osvdb.org/28298
- http://www.securityfocus.com/archive/1/444421/100/0/threaded
- http://www.securityfocus.com/archive/1/444729/100/0/threaded
- http://www.securityfocus.com/bid/19721
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28589
Affected products (1)
- cpe:2.3:a:jupiter_cms:jupiter_cms:1.1.5:*:*:*:*:*:*:*
More vulnerabilities in Jupiter Cms
- CVE-2007-0987 — High (CVSS 7.5): Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute…
- CVE-2007-0972 — High (CVSS 7.5): Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload…
- CVE-2007-0971 — High (CVSS 7.5): Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands…
- CVE-2006-4876 — High (CVSS 7.5): Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1)…
- CVE-2007-0973 — Medium (CVSS 6.8): Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject…
- CVE-2007-0986 — Medium (CVSS 5.1): PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows…