CVE-2006-6850

Name of the Vulnerable Software and Affected Versions: Shadowed Portal version 5.7

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the mod root parameter in the include.php file of the Roster Module (character roster).

Recommendations: For Shadowed Portal version 5.7, consider restricting access to the include.php file in the Roster Module to minimize the risk of exploitation. As a temporary workaround, avoid using the mod root parameter in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.