CVE-2006-3173

Name of the Vulnerable Software and Affected Versions Content*Builder version 0.7.5

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the path[cb] parameter to libraries/comment/postComment.php and modules/poll/poll.php, the rel parameter to modules/archive/overview.inc.php, and the actualModuleDir parameter to modules/forum/showThread.inc.php.

Recommendations For Content*Builder version 0.7.5, consider disabling the postComment.php and poll.php files in the libraries/comment and modules/poll directories, respectively, until a patch is available. Restrict access to the overview.inc.php file in the modules/archive directory to minimize the risk of exploitation via the rel parameter. Avoid using the actualModuleDir parameter in the showThread.inc.php file until the issue is resolved.