CVE-2006-5518

Name of the Vulnerable Software and Affected Versions RSSonate (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the PROJECT ROOT parameter to several PHP files, including xml2rss.php, config local.php, rssonate.php, and sql2xml.php in the Src/getFeed/inc/ directory. This can be achieved by manipulating the URL to include malicious PHP code.

Recommendations As a temporary workaround, consider restricting access to the Src/getFeed/inc/ directory to minimize the risk of exploitation. Avoid using the PROJECT ROOT parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.