CVE-2006-5620

Name of the Vulnerable Software and Affected Versions: MiniBILL versions 1.2.3 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the config[page dir] parameter.

Recommendations: For MiniBILL versions 1.2.3 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the include/menu builder.php file to minimize the risk of arbitrary PHP code execution. Avoid using the config[page dir] parameter in URLs for the affected versions.