CVE-2006-5132

Name of the Vulnerable Software and Affected Versions phpMyAgenda versions 3.0 Final and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to several API endpoints: "agendaplace.php3", "agendaplace2.php3", "infoevent.php3", and "agenda2.php3".

Recommendations For phpMyAgenda versions 3.0 Final and earlier, consider restricting access to the rootagenda parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the rootagenda parameter in the "agendaplace.php3", "agendaplace2.php3", "infoevent.php3", and "agenda2.php3" endpoints to minimize the risk of exploitation.