CVE-2006-2730

Name of the Vulnerable Software and Affected Versions Hot Open Tickets (HOT) version 11012004 ver2f

Description The issue is related to a PHP remote file inclusion vulnerability in the admin/lib action step.php file. When register globals is enabled, remote attackers can include arbitrary files via the GLOBALS[CLASS PATH] parameter. This might be the result of a global overwrite vulnerability.

Recommendations For Hot Open Tickets (HOT) version 11012004 ver2f, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the admin/lib action step.php file until a patch is available. Avoid using the GLOBALS[CLASS PATH] parameter in the affected file until the issue is resolved.