CVE-2006-1085

Name of the Vulnerable Software and Affected Versions PHP-Stats versions 0.1.9.1 and earlier

Description The issue allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code. This is achieved by modifying the option[admin pass] parameter and setting the pass cookie to the MD5 hash of the specified password.

Recommendations For PHP-Stats versions 0.1.9.1 and earlier, as a temporary workaround, consider restricting access to the admin.php file until a patch is available. Avoid using the option[admin pass] parameter and the pass cookie in the affected admin.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.