CVE-2010-1106

Name of the Vulnerable Software and Affected Versions AdvertisementManager version 3.1.0

Description A remote file inclusion issue in cgi/index.php allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. This can also be used to include and execute arbitrary local files using .. (dot dot) sequences.

Recommendations For AdvertisementManager version 3.1.0, consider restricting access to the cgi/index.php file and the req parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the req parameter in the affected API endpoint until the issue is resolved.