PT-2006-2229 · Jiro · Jiro'S Banner System

Published: 2006-03-14 · Updated: 2018-10-18 · CVE-2006-1213

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JiRo's Banner System Experience and Professional versions 1.0 and earlier

Description

The issue allows remote attackers to bypass access restrictions and gain privileges by making a direct request to certain scripts in the files directory. For example, an attacker can use the addadmin.asp script to create a new administrator account, demonstrating the potential for unauthorized access and privilege escalation.

Recommendations

For versions 1.0 and earlier, consider restricting access to the files directory and its scripts, such as addadmin.asp, to minimize the risk of exploitation. As a temporary workaround, limit the functionality of these scripts until a fix is available.


Related identifiers

CVE-2006-1213

Affected products

Jiro'S Banner System