CVE-2006-6809

Name of the Vulnerable Software and Affected Versions: Vladimir Menshakov buratinable templator (aka bubla) version 1.0.0rc2 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the bu dir or bu config[dir] parameter in the process.php file. This can be exploited by providing a malicious URL as the value for these parameters.

Recommendations: For versions 1.0.0rc2 and earlier, as a temporary workaround, consider restricting access to the process.php file or disabling the bu dir and bu config[dir] parameters until a patch is available. Avoid using the bu dir and bu config[dir] parameters in the process.php file until the issue is resolved.