CVE-2006-6725

Name of the Vulnerable Software and Affected Versions: PHPBuilder versions 0.0.2 and earlier

Description: The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the filename parameter to specific API endpoints, such as "lib/htm2php.php" and "sitetools/htm2php.php".

Recommendations: For PHPBuilder versions 0.0.2 and earlier, consider restricting access to the lib/htm2php.php and sitetools/htm2php.php endpoints until a fix is available. Avoid using the filename parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.