PT-2006-3249 · Phpbb+2

Botan · Published 2006-05-09 · Updated 2018-10-18 · CVE-2006-2283

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
SpiffyJr phpRaid versions 2.9.5 through 3.0.b3

Description
The issue allows remote attackers to execute arbitrary PHP code by supplying a URL in specific parameters when certain portals are enabled. The affected parameters are phpbb_root_path in (1) auth.php and (2) auth phpbb when the phpBB portal is enabled, and smf_root_path in (3) auth.php and (4) auth SMF when the SMF portal is enabled.

Recommendations
For SpiffyJr phpRaid versions 2.9.5 through 3.0.b3, consider disabling the phpBB and SMF portals until a patch is available to prevent exploitation. Restrict access to the auth.php and auth phpbb/auth SMF files to minimize the risk of arbitrary PHP code execution. Avoid using the phpbb_root_path and smf_root_path parameters in the affected scripts until the issue is resolved.

Related identifiers

CVE-2006-2283

Affected products

Smf
Spiffyjr Phpraid
Phpbb