CVE-2006-6966

Name of the Vulnerable Software and Affected Versions: phpGraphy versions prior to 0.9.13a

Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. This is due to the software not properly unsetting variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value.

Recommendations: For versions prior to 0.9.13a, update to version 0.9.13a or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation. Avoid using the pictures[] parameter in the affected API endpoint until the issue is resolved.