CVE-2006-5506

Name of the Vulnerable Software and Affected Versions WiClear version 0.10

Description The issue allows remote attackers to execute arbitrary PHP code via the path parameter in several files, including (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in the admin/ directory; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in the inc/ directory.

Recommendations For WiClear version 0.10, consider restricting access to the vulnerable files until a patch is available. As a temporary workaround, avoid using the path parameter in the affected files. Restrict access to the admin/ and inc/ directories to minimize the risk of exploitation.