CVE-2006-2695

Name of the Vulnerable Software and Affected Versions DGNews versions 1.5 and earlier

Description The issue allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. This is related to the admin/upprocess.php file.

Recommendations For DGNews versions 1.5 and earlier, consider restricting access to the admin/upprocess.php file and the img directory to prevent uploading of malicious scripts until a fix is available. As a temporary workaround, avoid using the img directory for uploading files from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.