CVE-2006-2425

Name of the Vulnerable Software and Affected Versions PhpRemoteView versions prior to 2003-10-23

Description The issue allows remote attackers to inject arbitrary web script or HTML via the f, d, and ref parameters, and the "MAKE DIR" and "Full file name" fields. This can be exploited by injecting malicious code into these parameters and fields.

Recommendations For versions prior to 2003-10-23, as a temporary workaround, consider restricting access to the f, d, and ref parameters, and the "MAKE DIR" and "Full file name" fields in PRV.php until a patch is available. Avoid using these parameters and fields in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.