CVE-2006-6770

Name of the Vulnerable Software and Affected Versions: Jinzora Media Jukebox versions 2.7 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the include path parameter in several PHP files, including "popup.php", "rss.php", "ajax request.php", and "mediabroadcast.php".

Recommendations: For Jinzora Media Jukebox versions 2.7 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable PHP files, specifically "popup.php", "rss.php", "ajax request.php", and "mediabroadcast.php", until a fix is available. Avoid using the include path parameter in these files until the issue is resolved.