CVE-2006-1495

Name of the Vulnerable Software and Affected Versions: PHPCollab versions 2.4 through 2.5.rc3 NetOffice versions 2.5.3-pl1 through 2.6.0b2

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the loginForm parameter in the "forgotten password" option, specifically targeting the general/sendpassword.php file.

Recommendations: For PHPCollab versions 2.4 through 2.5.rc3, consider restricting access to the general/sendpassword.php file until a fix is available. For NetOffice versions 2.5.3-pl1 through 2.6.0b2, avoid using the loginForm parameter in the "forgotten password" option until the issue is resolved.