CVE-2006-3116

Name of the Vulnerable Software and Affected Versions phpRaid versions 3.0.4 through 3.0.5

Description The issue allows remote attackers to execute arbitrary code via a URL in the phpraid dir parameter to various PHP files, including 'configuration.php', 'guilds.php', 'index.php', 'locations.php', 'login.php', 'lua output.php', 'permissions.php', 'profile.php', 'raids.php', 'register.php', 'roster.php', and 'view.php'.

Recommendations For phpRaid version 3.0.4, update to a version that fixes the remote file inclusion issue. For phpRaid version 3.0.5, update to a version that fixes the remote file inclusion issue. As a temporary workaround, consider restricting access to the phpraid dir parameter in the affected PHP files until a patch is available.