CVE-2006-4448

Name of the Vulnerable Software and Affected Versions interact version 2.2

Description The issue allows remote attackers to execute arbitrary PHP code via specific parameters in certain files when register globals is enabled. This can be achieved by manipulating the CONFIG[BASE PATH] parameter in files such as admin/autoprompter.php and includes/common.inc.php, and the CONFIG[LANGUAGE CPATH] parameter in admin/autoprompter.php.

Recommendations For interact version 2.2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the admin/autoprompter.php and includes/common.inc.php files to minimize the risk of arbitrary PHP code execution. Avoid using the CONFIG[BASE PATH] and CONFIG[LANGUAGE CPATH] parameters in the affected files until the issue is resolved.