CVE-2006-5931

Name of the Vulnerable Software and Affected Versions Aigaion version 1.2.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in various directories, including lib/actions/, lib/displays/, lib/editforms/, lib/functions/, scheme/, and the root directory, when register globals is enabled.

Recommendations For Aigaion version 1.2.1, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the affected PHP scripts in the mentioned directories until a fix is available. As a temporary workaround, avoid using the DIR parameter in URLs for these scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.