CVE-2006-0169

Name of the Vulnerable Software and Affected Versions MyPhPim version 01.05

Description The issue allows remote attackers to execute arbitrary PHP code by uploading files without restrictions. This is achieved via the pdbfile variable, and then directly accessing those files from the uploads directory.

Recommendations For MyPhPim version 01.05, restrict uploaded files to prevent remote attackers from executing arbitrary PHP code. As a temporary workaround, consider disabling file uploads until a patch is available. Restrict access to the uploads directory to minimize the risk of exploitation. Avoid using the pdbfile variable in the affected addresses.php3 file until the issue is resolved.