CVE-2006-6877

Name of the Vulnerable Software and Affected Versions: Matteo Lucarelli 3editor CMS versions 0.42 and earlier

Description: A directory traversal issue exists in index.php, allowing remote attackers to include arbitrary files via a .. (dot dot) in the page parameter when register globals is enabled.

Recommendations: For versions 0.42 and earlier, consider disabling the register globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the index.php file to minimize the risk of arbitrary file inclusion.