CVE-2006-5189

Name of the Vulnerable Software and Affected Versions klinza professional cms versions 5.0.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the appl parameter. This can be achieved by manipulating the URL to include malicious PHP code, which can then be executed by the server.

Recommendations For klinza professional cms versions 5.0.1 and earlier, consider disabling the show hlp.php function in the funzioni/lib directory until a patch is available. Restrict access to the appl parameter in the affected API endpoint to minimize the risk of exploitation.