Is CVE-2006-3042 actively exploited?

CVE-2006-3042 has no public evidence of in-the-wild exploitation as of 2026-04-16.

What is the CVSS score for CVE-2006-3042?

CVE-2006-3042 has a CVSS score of 7.5 (UNKNOWN severity). Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P.

How do I patch CVE-2006-3042?

Patch guidance is available from ispconfig security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2006-3042.

Which products are affected by CVE-2006-3042?

1 product: ispconfig ispconfig.

CVE-2006-3042 - remediation guidance & executive summary

Description

Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: partial
Integrity: partial
Availability: partial
Weaknesses: NVD-CWE-Other

Metadata

Primary Vendor: ISPCONFIG
Published: 6/15/2006
Last Modified: 4/16/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

ispconfig : ispconfig

Remediation Guidance

Executive Summary

Cite this page

CVE-2006-3042. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2006-3042

View on NIST NVD

CVE-2006-3042 vulnerability