CVE-2006-5796

Name of the Vulnerable Software and Affected Versions: Soholaunch Pro Edition versions 4.9 r46 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the SESSION[docroot path] parameter to specific PHP files, such as includes/shared functions.php or client files/shopping cart/pgm-shopping css.inc.php.

Recommendations: For Soholaunch Pro Edition versions 4.9 r46 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/shared functions.php and client files/shopping cart/pgm-shopping css.inc.php files until a patch is available. Avoid using the SESSION[docroot path] parameter in affected API endpoints until the issue is resolved.