CVE-2006-1371

N/A Unknown

Published: March 23, 2006 Modified: April 16, 2026

Description

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/19353

Source: cve@mitre.org

Exploit Patch Vendor Advisory

http://www.attrition.org/pipermail/vim/2006-March/000649.html

Source: cve@mitre.org

http://www.osvdb.org/24058

Source: cve@mitre.org

http://www.osvdb.org/24059

Source: cve@mitre.org

http://www.securityfocus.com/bid/17209

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/1052

Source: cve@mitre.org

Vendor Advisory

http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/25399

Source: cve@mitre.org

https://www.exploit-db.com/exploits/1605

Source: cve@mitre.org

http://secunia.com/advisories/19353