CVE-2006-4669

Name of the Vulnerable Software and Affected Versions Somery versions 0.4.6 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter when register globals is enabled. This is related to a remote file inclusion vulnerability in the admin/system/include.php file.

Recommendations For Somery versions 0.4.6 and earlier, consider disabling the register globals setting to mitigate the risk of exploitation. Additionally, restrict access to the admin/system/include.php file to minimize the risk of arbitrary PHP code execution. Avoid using the skindir parameter in URLs until the issue is resolved.