CVE-2006-1162

Name of the Vulnerable Software and Affected Versions Nodez versions 4.6.1.1 and earlier

Description The issue allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter. This can be demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.

Recommendations For Nodez versions 4.6.1.1 and earlier, as a temporary workaround, consider restricting access to the op parameter to minimize the risk of exploitation. Avoid using the op parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.