CVE-2006-4921

Name of the Vulnerable Software and Affected Versions Site@School versions 2.4.03 and earlier

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to "starnet/modules/include/include.php".

Recommendations For versions 2.4.03 and earlier, consider restricting access to the include.php file in the starnet/modules/include directory until a fix is available. Avoid using the cmsdir parameter in the affected API endpoint until the issue is resolved.