Circle R · Circle R Monster Top List · CVE-2006-1781
**Name of the Vulnerable Software and Affected Versions**
Circle R Monster Top List (MTL) versions 1.4 through 1.4.2
**Description**
A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the `root path` parameter in the functions.php file.
**Recommendations**
For Circle R Monster Top List (MTL) versions 1.4 through 1.4.2, consider restricting access to the `root path` parameter in the functions.php file until a patch is available. Avoid using the `root path` parameter with untrusted input to minimize the risk of exploitation.