CVE-2006-5412

Name of the Vulnerable Software and Affected Versions PHP Outburst Easynews versions 4.4.1 and earlier

Description The issue allows remote attackers to bypass authentication and gain the ability to execute arbitrary code when the register globals setting is enabled. This is achieved via the en login id parameter.

Recommendations For PHP Outburst Easynews versions 4.4.1 and earlier, disable the register globals setting to prevent exploitation. Additionally, consider restricting access to the admin.php file until a fix is available. As a temporary workaround, avoid using the en login id parameter in the affected admin.php file.