CVE-2006-6722

Name of the Vulnerable Software and Affected Versions: Bandwebsite (aka Bandsite portal system) version 1.5

Description: The issue allows remote attackers to create administrative accounts. This can be achieved by making a direct request to the "admin.php" endpoint with the Login parameter set to 1.

Recommendations: For Bandwebsite (aka Bandsite portal system) version 1.5, consider restricting access to the "admin.php" endpoint until a patch is available. As a temporary workaround, avoid using the Login parameter in the affected endpoint to minimize the risk of exploitation.