CVE-2006-4890

Name of the Vulnerable Software and Affected Versions UNAK-CMS versions 1.5 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the dirroot parameter to specific API endpoints, such as "/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php" or "/fckeditor/editor/dialog/fck link.php".

Recommendations For UNAK-CMS versions 1.5 and earlier, consider disabling access to the fckeditor/editor/filemanager/browser/default/connectors/php/connector.php and fckeditor/editor/dialog/fck link.php endpoints until a patch is available. Avoid using the dirroot parameter in these endpoints to minimize the risk of exploitation.