CVE-2006-5440

Name of the Vulnerable Software and Affected Versions Comdev Form Designer version 4.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter when register globals is enabled. This is related to a remote file inclusion vulnerability in the adminfoot.php file.

Recommendations For Comdev Form Designer version 4.1, consider disabling the register globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the adminfoot.php file until a patch is available. Avoid using the path[docroot] parameter in the affected URL until the issue is resolved.