CVE-2006-4077

Name of the Vulnerable Software and Affected Versions Comet WebFileManager (CWFM) versions 0.9.1 and possibly earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter. This is a result of a PHP remote file inclusion vulnerability in CheckUpload.php.

Recommendations For versions 0.9.1 and possibly earlier, update to a version that fixes this issue, or as a temporary workaround, consider restricting access to the CheckUpload.php file to minimize the risk of exploitation. Avoid using the Language parameter in the affected API endpoint until the issue is resolved.