CVE-2006-4428

CVE-2006-4428 is a critical-severity vulnerability in Jupiter Cms with a CVSS 3.x base score of 9.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement

Frequently asked questions

What is CVE-2006-4428?
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement
How severe is CVE-2006-4428?
CVE-2006-4428 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2006-4428 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (90th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2006-4428?
CVE-2006-4428 affects Jupiter Cms. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2006-4428?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
When was CVE-2006-4428 published?
CVE-2006-4428 was published on 2006-08-29 and last updated on 2026-06-16.

References

Affected products (1)

More vulnerabilities in Jupiter Cms

All CVEs affecting Jupiter Cms →