CVE-2006-4636

Name of the Vulnerable Software and Affected Versions SZEWO PhpCommander versions 3.0 and earlier

Description A directory traversal issue allows remote attackers to include and execute arbitrary local files by using directory traversal sequences in the Directory parameter. This can be achieved by specifying parameter values that name files, such as Apache HTTP Server log files, which may contain PHP code.

Recommendations For SZEWO PhpCommander versions 3.0 and earlier, as a temporary workaround, consider restricting access to the Directory parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.