CVE-2006-1363

Name of the Vulnerable Software and Affected Versions FreeWPS version 2.11

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by uploading a .php file into the /upload directory as specified in the dirPath parameter, and then performing a direct request to that file. No information is available about the estimated number of potentially affected devices or real-world incidents.

Recommendations For FreeWPS version 2.11, consider restricting access to the images.php file and the /upload directory to prevent arbitrary PHP code execution until a patch is available. Avoid using the dirPath parameter to specify upload directories that can be accessed directly.