PT-2006-2486 · Php · Php Live Helper

Runvirus · Published 2006-03-29 · Updated 2018-10-18 · CVE-2006-1478

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHP Live Helper versions 1.8 and possibly later versions
Description: A directory traversal issue exists in initiate.php and possibly other PHP scripts, allowing remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie. This can be exploited by uploading PHP code in a gl session cookie to users.php, which causes the code to be stored in error.log, and then included by initiate.php.
Recommendations: For PHP Live Helper versions 1.8 and possibly later versions, consider restricting access to the initiate.php and users.php scripts until a patch is available. As a temporary workaround, avoid using the language cookie and restrict the use of the gl session cookie to minimize the risk of exploitation.
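
The traversal described above depends on a cookie value reaching a file-inclusion path. As an added example (not PHP Live Helper code, and not from the advisory), this sketch shows language selection where the cookie can only pick an entry from a fixed allow-list; the function name, language list and directory layout are hypothetical.

```php
<?php
// Added illustration, not PHP Live Helper source. Function name, language
// list and directory layout are hypothetical.

const LANG_DEFAULT = 'english';
const LANG_ALLOWED = ['english', 'german', 'french']; // fixed allow-list

/**
 * Map an untrusted cookie value to a language file directly inside $langDir.
 * The cookie only selects an entry from the allow-list; it never becomes
 * part of the path handed to include/require.
 */
function resolve_language_file($cookieValue, string $langDir): string
{
    // Cookies can arrive as arrays (language[]=x), so check the type first.
    $lang = (is_string($cookieValue) && in_array($cookieValue, LANG_ALLOWED, true))
        ? $cookieValue
        : LANG_DEFAULT;

    $base = realpath($langDir);
    $path = realpath($langDir . '/' . $lang . '.php');

    // Defence in depth: the file must exist and resolve to a direct child of
    // $langDir, which also rejects a symlink that points at a log file.
    if ($base === false || $path === false || dirname($path) !== $base) {
        throw new RuntimeException('language file unavailable');
    }
    return $path; // caller does: require resolve_language_file(...);
}

// Demo with a throwaway directory and constructed cookie values.
$dir = sys_get_temp_dir() . '/lang_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (LANG_ALLOWED as $name) {
    file_put_contents("$dir/$name.php", "<?php // $name strings\n");
}

$samples = ['german', '../error.log', '../../../../etc/passwd', 'GERMAN', ['x'], null];
foreach ($samples as $value) {
    $file = resolve_language_file($value, $dir);
    printf("%-28s -> %s\n", json_encode($value, JSON_UNESCAPED_SLASHES), basename($file));
}

// Remove the throwaway files.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```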

Exploit

Fix


Related identifiers

CVE-2006-1478

Affected products

Php Live Helper