CVE-2006-5402

Name of the Vulnerable Software and Affected Versions PHPmybibli versions 3.0.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via specific parameters in various PHP files. The vulnerable parameters include class path, javascript path, and include path in files such as cart.php, index.php, edit.php, and circ.php. Additionally, unspecified parameters in select.php and other files are also affected.

Recommendations For PHPmybibli versions 3.0.1 and earlier, consider restricting access to the vulnerable parameters class path, javascript path, and include path in the affected PHP files until a patch is available. As a temporary workaround, consider disabling the execution of remote files in the cart.php, index.php, edit.php, and circ.php files. Avoid using unspecified parameters in select.php and other files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.