CVE-2006-5302

Name of the Vulnerable Software and Affected Versions Redaction System version 1.0000

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in specific parameters. This can be achieved by manipulating the lang prefix parameter in the following API endpoints: "conn.php", "sesscheck.php", "wap/conn.php", or "wap/sesscheck.php", or the lang parameter in the "index.php" endpoint.

Recommendations For Redaction System version 1.0000, consider disabling the lang prefix and lang parameters in the affected API endpoints until a patch is available. Restrict access to the vulnerable endpoints "conn.php", "sesscheck.php", "wap/conn.php", "wap/sesscheck.php", and "index.php" to minimize the risk of exploitation. Avoid using the lang prefix and lang parameters in these endpoints until the issue is resolved.