PT-2006-2562 · Vbook · Vbook

Published: 2006-03-31 · Updated: 2018-10-18 · CVE-2006-1563

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: VBook version 2.0
Description: A direct static code injection issue in the config.php file of VBook allows remote administrators to execute arbitrary PHP code. This code is injected into the config file, which is then included in other VBook scripts.
Recommendations: For VBook version 2.0, consider restricting access to the config.php file to prevent remote administrators from injecting arbitrary PHP code until a patch is available. As a temporary workaround, limit the privileges of remote administrators to minimize the risk of exploitation.

Related Identifiers

CVE-2006-1563

Affected Products

Vbook