PT-2007-1166 · Unknown · G/Pgp Plugin

Published: 2007-07-15 · Updated: 2017-07-20 · CVE-2006-4169

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: G/PGP (GPG) Plugin versions 2.0 through 2.1dev before 20070614
Description: The issue allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to API endpoints such as "gpg_help.php" or "gpg_help_base.php".
Recommendations: For G/PGP (GPG) Plugin versions 2.0 through 2.1dev before 20070614, consider updating to a version released after 20070614 to resolve the issue. As a temporary workaround, restrict access to the "gpg_help.php" and "gpg_help_base.php" files to minimize the risk of exploitation. Avoid using the help parameter in the affected API endpoints until the issue is resolved.
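
To check whether the affected endpoints have received traversal-style requests, the following added example (not part of the advisory or of the plugin's code) scans web access log lines for a `..` path segment in the `help` parameter of the two scripts named above. It assumes Common/Combined Log Format; the `/PLUGIN_DIR/` path and all sample log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script names come from the advisory; PLUGIN_DIR below is a placeholder path.
AFFECTED_SCRIPTS = ("gpg_help.php", "gpg_help_base.php")
# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - alice [15/Jun/2007:10:00:00 +0000] "GET /PLUGIN_DIR/gpg_help.php?help=keyring.html HTTP/1.1" 200 512',
    '192.0.2.11 - bob [15/Jun/2007:10:01:00 +0000] "GET /PLUGIN_DIR/gpg_help.php?help=..%2f..%2fsample.txt HTTP/1.1" 200 90',
    '192.0.2.11 - bob [15/Jun/2007:10:02:00 +0000] "GET /PLUGIN_DIR/gpg_help_base.php?help=%252e%252e%252fsample.txt HTTP/1.1" 200 90',
    '192.0.2.12 - carol [15/Jun/2007:10:03:00 +0000] "GET /PLUGIN_DIR/gpg_help_base.php?help=notes..v2.html HTTP/1.1" 200 300',
    '192.0.2.13 - dave [15/Jun/2007:10:04:00 +0000] "GET /PLUGIN_DIR/other.php?help=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dot_dot_segment(value):
    """True if any path segment (split on / or backslash) is exactly '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def suspicious_help_requests(log_lines):
    """Return log lines that hit an affected script with '..' in 'help'."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group(1))
        if not url.path.endswith(AFFECTED_SCRIPTS):
            continue  # only the two scripts named in the advisory
        params = parse_qs(url.query, keep_blank_values=True)
        if any(has_dot_dot_segment(v) for v in params.get("help", [])):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in suspicious_help_requests(SAMPLE_LOG):
        print(hit)
```

Only query-string parameters are visible in access logs, so a `help` value sent in a POST body is not covered by this check.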

Fix


Related Identifiers

CVE-2006-4169

Affected Products

G/Pgp Plugin