PT-2006-7115 · Dada · Dadaimc

Published 2006-12-14 · Updated 2017-07-29 · CVE-2006-6511

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: dadaIMC version .99.3

Description: The issue arises from an insufficiently restrictive FilesMatch directive in the .htaccess file shipped with the installation. Because the pattern matches any file name that merely contains one of the words feature, editor, newswire, otherpress, admin, pbook, media, or mod, uploaded files with such names are handed to the PHP handler, which allows remote attackers to execute arbitrary PHP code by uploading a file with a matching name.

Recommendations: For dadaIMC version .99.3, update the .htaccess file so that the FilesMatch directives only match the application's own script names (anchored to the full file name and extension) and cannot apply to uploaded files. As a temporary workaround, restrict access to file uploads or limit the types of files that can be uploaded to prevent potential exploitation.
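To show why the unanchored pattern is the problem, the following added example (not dadaIMC's own .htaccess, and not part of this advisory) reconstructs a permissive FilesMatch rule of the kind described, places a hardened rule beside it, and audits a constructed upload listing against both using Apache's FilesMatch semantics (an unanchored regular-expression search on the file's base name). The use of ForceType as the handler directive and the exact rule shape are assumptions.

```python
import re

# Constructed reconstruction of a permissive rule of the kind the advisory
# describes. This is NOT the real dadaIMC .99.3 .htaccess; the handler
# directive (ForceType) is an assumption.
WEAK_HTACCESS = """
<FilesMatch "(feature|editor|newswire|otherpress|admin|pbook|media|mod)">
    ForceType application/x-httpd-php
</FilesMatch>
"""

# Hardened variant: anchored to the exact script names and the .php extension,
# so an upload whose name merely contains one of the words is not matched.
HARDENED_HTACCESS = """
<FilesMatch "^(feature|editor|newswire|otherpress|admin|pbook|media|mod)\\.php$">
    ForceType application/x-httpd-php
</FilesMatch>
"""

# Extracts the regex argument of every <FilesMatch "..."> block.
FILESMATCH_RE = re.compile(r'<FilesMatch\s+"([^"]+)"\s*>', re.IGNORECASE)


def filesmatch_patterns(htaccess: str) -> list[str]:
    """Return the regular expressions used by each FilesMatch block."""
    return FILESMATCH_RE.findall(htaccess)


def php_handled(htaccess: str, filename: str) -> bool:
    """True if a FilesMatch block would apply its PHP handler to this base name.
    Apache evaluates the pattern as an unanchored search, which re.search models."""
    return any(re.search(p, filename) for p in filesmatch_patterns(htaccess))


def audit(htaccess: str, uploads: list[str]) -> list[str]:
    """Names from an upload directory that the given .htaccess would hand to PHP."""
    return [name for name in uploads if php_handled(htaccess, name)]


# Constructed sample of base names as they might appear in an upload directory.
SAMPLE_UPLOADS = [
    "photo.jpg",
    "media_report.jpg",  # contains "media"
    "moderation.txt",    # contains "mod"
    "admin.php",         # legitimate application script name
    "feature.php",       # legitimate application script name
]

if __name__ == "__main__":
    print("weak rule hands to PHP:    ", audit(WEAK_HTACCESS, SAMPLE_UPLOADS))
    print("hardened rule hands to PHP:", audit(HARDENED_HTACCESS, SAMPLE_UPLOADS))
```

Running `audit` over a real upload directory listing with the site's actual .htaccess text is a quick way to confirm a fix: no uploaded file name should appear in the result.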

Fix

Related Identifiers: CVE-2006-6511

Affected Products: Dadaimc