CVE-2006-1545

Name of the Vulnerable Software and Affected Versions: VNews version 1.2

Description: A direct static code injection issue exists, allowing remote authenticated administrators to execute code. This is achieved by inserting code into variables stored in admin/config.php.

Recommendations: For VNews version 1.2, consider restricting access to the admin/config.php file to prevent code injection until a fix is available. As a temporary workaround, avoid using variables that can be manipulated by authenticated administrators in the admin/config.php file.