CVE-2006-4656

Name of the Vulnerable Software and Affected Versions Web Provence SL Site versions 1.0 and earlier

Description A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the spaw root parameter. This issue is actually in a third-party product, SPAW Editor PHP Edition.

Recommendations For Web Provence SL Site versions 1.0 and earlier, consider disabling the spaw control.class.php file in the admin/editeur directory until a patch is available. Restrict access to the spaw root parameter to minimize the risk of exploitation.