CVE-2006-2681

Name of the Vulnerable Software and Affected Versions SocketMail Lite and Pro versions 2.2.6 and earlier

Description A remote file inclusion issue allows attackers to execute arbitrary PHP code when register globals and magic quotes are enabled. This can be achieved by providing a URL in the site path parameter to API endpoints such as "index.php" and "inc-common.php".

Recommendations For SocketMail Lite and Pro versions 2.2.6 and earlier, consider disabling the register globals and magic quotes settings to mitigate the risk of exploitation. As a temporary workaround, restrict access to the "index.php" and "inc-common.php" files until a patch is available. Avoid using the site path parameter in the affected API endpoints until the issue is resolved.