CVE-2006-6856

Name of the Vulnerable Software and Affected Versions: WebText CMS versions 0.4.5.2 and earlier

Description: A direct static code injection issue allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit operation, which is then executed via a direct request for this script.

Recommendations: For WebText CMS versions 0.4.5.2 and earlier, as a temporary workaround, consider restricting access to the wt/users/ script and the im parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.