CVE-2006-7173

Name of the Vulnerable Software and Affected Versions PHP-Stats versions 0.1.9.1b and earlier

Description A direct static code injection issue allows remote attackers to execute arbitrary PHP code via a crafted option new[report w day] parameter in a preferenze action, accessible later via "option/php-stats-options.php".

Recommendations For PHP-Stats versions 0.1.9.1b and earlier, as a temporary workaround, consider restricting access to the admin.php file and the preferenze action until a patch is available. Avoid using the option new[report w day] parameter in the affected admin.php file until the issue is resolved.