CVE-2009-0970

Name of the Vulnerable Software and Affected Versions PHP Pro Bid version 6.05

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter when register globals is enabled. This is due to a remote file inclusion vulnerability in the includes/class image.php file.

Recommendations For PHP Pro Bid version 6.05, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/class image.php file to minimize the risk of arbitrary PHP code execution. Avoid using the fileExtension parameter in vulnerable configurations until the issue is resolved.