CVE-2006-1022

Name of the Vulnerable Software and Affected Versions PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) version 3

Description The issue allows remote attackers to include and execute arbitrary PHP code via a URL in the uye klasor parameter, along with a misafir[] parameter that is set to UYE SEVIYE. This can be exploited by sending a crafted request to the sol menu.php file.

Recommendations For PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) version 3, consider validating and sanitizing the uye klasor and misafir[] parameters to prevent the inclusion of arbitrary PHP code. As a temporary workaround, restrict access to the sol menu.php file to minimize the risk of exploitation.