CVE-2006-2964

Name of the Vulnerable Software and Affected Versions Xtreme Scripts Download Manager version 1.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in several PHP files, including "download.php", "manager.php", "admin/scripts/category.php", "includes/add allow.php", "admin/index.php", and "admin/admin/login.php".

Recommendations For Xtreme Scripts Download Manager version 1.0, consider disabling the root parameter in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files to minimize the risk of exploitation. Avoid using the root parameter in the affected API endpoints until the issue is resolved.