CVE-2006-6186

Name of the Vulnerable Software and Affected Versions enomphp version 4.0

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by including a .. (dot dot) in the dir parameter to various PHP files, including "config.php", "ranklv inside.php", "rankml inside.php", and "admin/Restore/config.php".

Recommendations For enomphp version 4.0, consider restricting access to the dir parameter in the affected PHP files to minimize the risk of exploitation. As a temporary workaround, restrict access to the vulnerable PHP files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.