CVE-2006-2811

Name of the Vulnerable Software and Affected Versions Cantico Ovidentia version 5.8.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in multiple PHP scripts, including "index.php", "topman.php", "approb.php", "vacadmb.php", "vacadma.php", "vacadm.php", "statart.php", "search.php", "posts.php", "options.php", "login.php", "frchart.php", "flbchart.php", "fileman.php", "faq.php", "event.php", "directory.php", "articles.php", "artedit.php", and "calday.php".

Recommendations For Cantico Ovidentia version 5.8.0, consider restricting access to the babInstallPath parameter in the affected PHP scripts until a patch is available. As a temporary workaround, disabling the execution of arbitrary PHP code via URL parameters in these scripts can help minimize the risk of exploitation.