PT-2006-3108 · Pro Publish · Pro Publish

Aliaksandr Hartsuyeu · Published 2006-05-01 · Updated 2017-07-20 · CVE-2006-2129

CVSS v2.0

5.5 (Medium)

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Pro Publish version 2.0

Description

A direct static code injection issue allows remote authenticated administrators to execute arbitrary PHP code. This is achieved by editing specific settings, which are stored in set_inc.php.

Recommendations

For Pro Publish version 2.0, consider restricting access to the settings that are stored in set_inc.php to prevent exploitation until a patch is available. As a temporary workaround, limit the privileges of administrators to minimize the risk of arbitrary PHP code execution.

Fix


Related identifiers

CVE-2006-2129

Affected products

Pro Publish