CVE-2006-4246

Name of the Vulnerable Software and Affected Versions Usermin versions prior to 1.220 (20060629)

Description The issue allows remote attackers to read arbitrary files. This is possibly related to the chfn/save.cgi script not properly handling an empty shell parameter, which can result in changing the root's shell instead of the shell of a specified user.

Recommendations For versions prior to 1.220 (20060629), update to version 1.220 (20060629) or later to resolve the issue. As a temporary workaround, consider restricting access to the chfn/save.cgi script until the update is applied.