CVE-2006-4639

Name of the Vulnerable Software and Affected Versions C-News versions 1.0.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the path parameter in several PHP files, including "formulaire commentaires.php", "affichage/liste news.php", "affichage/news complete.php", and "affichage/pagination.php", when register globals is enabled.

Recommendations For C-News versions 1.0.1 and earlier, disable the register globals setting to prevent exploitation. As a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using the path parameter in the affected PHP files until the issue is resolved.