高木 浩光

Researcher from 独立行政法人産業技術総合研究所
#44263 of 53,635
6 Total CVSS
Vulnerabilities · 1
PT-2006-7449
6.0
2006-12-31
Tdiary · Tdiary · CVE-2006-6852
Name of the Vulnerable Software and Affected Versions: tDiary versions 2.0.3 through 2.1.4.20061127

Description: The issue allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml.

Recommendations: For tDiary versions 2.0.3 through 2.1.4.20061127, consider restricting access to conf.rhtml and i.conf.rhtml until a patch is available. As a temporary workaround, consider implementing additional input validation measures to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.