CVE-2006-5627

Name of the Vulnerable Software and Affected Versions: QnECMS versions 2.5.6 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to various PHP files, including (1) headerscripts.php, (2) footerhome.php, and (3) footermain.php in admin/include/; (4) photogallery/headerscripts.php; and (5) footerhome.php, (6) footermain.php, (7) headermain.php, (8) sitemapfooter.php, and (9) sitemapheader.php in templates/.

Recommendations: For QnECMS versions 2.5.6 and earlier, consider disabling the adminfolderpath parameter in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files in admin/include/ and templates/ to minimize the risk of exploitation. Avoid using the adminfolderpath parameter in the affected API endpoints until the issue is resolved.