CVE-2006-4733

Name of the Vulnerable Software and Affected Versions Haakon Nilsen simple, integrated publishing system (SIPS) versions 0.3.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter in the sipssys/code/box.inc.php file. The product's documentation recommends placing the affected file outside of the web root, which limits the scope of the issue to administrators who do not or cannot follow this recommendation.

Recommendations For SIPS versions 0.3.1 and earlier, consider placing the sipssys/code/box.inc.php file outside of the web root as recommended by the product's documentation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.