CVE-2006-6800

Name of the Vulnerable Software and Affected Versions: Limbo CMS event module version 1.0

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the lm absolute path parameter in the eventcal/mod eventcal.php file. This is a result of a PHP remote file inclusion vulnerability.

Recommendations: For version 1.0 of the event module, avoid using the lm absolute path parameter in the eventcal/mod eventcal.php file until the issue is resolved. As a temporary workaround, consider restricting access to the eventcal/mod eventcal.php file to minimize the risk of exploitation.