CVE-2005-1222

Name of the Vulnerable Software and Affected Versions Annuaire Netref version 4.2

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved by setting the ad direct parameter to reference cat for gen.php, then including the code in the m for racine parameter, which is then written to cat for gen.php.

Recommendations For Annuaire Netref version 4.2, consider restricting access to the cat for gen.php file and avoid using the ad direct and m for racine parameters until a patch is available. As a temporary workaround, consider disabling the execution of PHP code in the cat for gen.php file to prevent exploitation.