Laffer · Laffer · CVE-2005-2328
**Name of the Vulnerable Software and Affected Versions**
Laffer versions 0.3.2.6 through 0.3.2.7
**Description**
The issue allows remote attackers to execute arbitrary PHP code via the `CFG PATH` variable. This is a result of a PHP remote file inclusion vulnerability in the im.php file.
**Recommendations**
For versions 0.3.2.6 and 0.3.2.7, consider restricting access to the `CFG PATH` variable to minimize the risk of exploitation. As a temporary workaround, avoid using the `CFG PATH` variable in the im.php file until a patch is available.