PT-2006-5631 · David Bennett · Php-Post

Hackers Pal · Published: 2006-09-19 · Updated: 2018-10-17 · CVE-2006-4877

CVSS v2.0: 5.0 (Medium) · Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
David Bennett PHP-Post (PHPp) versions 1.0 and earlier

Description
The issue allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function. This is demonstrated by the table prefix parameter in various PHP files, including "index.php", "profile.php", and "header.php".

Recommendations
For David Bennett PHP-Post (PHPp) versions 1.0 and earlier, consider disabling the use of the extract function until a patch is available. Restrict access to the table prefix parameter in the affected PHP files to minimize the risk of exploitation.
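
The variable-overwrite pattern described above, next to two replacements, as an added example that is not PHP-Post source code. The function names, the `$table_prefix` variable name, the `phpp_` default and the allowlisted keys are assumptions made for illustration.

```php
<?php
// Added illustration, not PHP-Post code. All names and values are hypothetical.

// Pattern behind the advisory: extract() defaults to EXTR_OVERWRITE, so a
// request key replaces a same-named variable that is already in scope.
function load_config_unsafe(array $request): string
{
    $table_prefix = 'phpp_';      // trusted value set by the application
    extract($request);            // every request key becomes a local variable
    return $table_prefix;         // may now hold the request-supplied value
}

// Stopgap: EXTR_SKIP keeps variables that already exist at the call site.
// Caveat: a variable that is first assigned *after* this call, or never
// initialised at all, can still be injected from the request.
function load_config_skip(array $request): string
{
    $table_prefix = 'phpp_';
    extract($request, EXTR_SKIP);
    return $table_prefix;
}

// Preferred: no extract(). Read only allowlisted keys, validate each one,
// and keep configuration values out of reach of request data entirely.
function load_config_safe(array $request): array
{
    $table_prefix = 'phpp_';
    $allowed = [
        'page' => '/^\d{1,6}\z/',
        'user' => '/^[A-Za-z0-9_]{1,32}\z/',
    ];
    $input = [];
    foreach ($allowed as $key => $pattern) {
        $value = $request[$key] ?? null;
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $input[$key] = $value;
        }
    }
    return ['table_prefix' => $table_prefix, 'input' => $input];
}

// Constructed sample request standing in for $_GET / $_POST.
$request = ['page' => '2', 'table_prefix' => 'other_'];

var_dump(load_config_unsafe($request));
var_dump(load_config_skip($request));
var_dump(load_config_safe($request));
```

When reviewing a code base for this class of issue, search for `extract(` calls whose argument is `$_GET`, `$_POST`, `$_COOKIE` or `$_REQUEST` and check whether a flag other than the default is passed.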


Related identifiers

CVE-2006-4877

Affected products

Php-Post