CVE-2005-2775

Name of the Vulnerable Software and Affected Versions phpWebNotes version 2.0.0

Description The issue arises from the use of the extract function in the php api.php file, which modifies key variables such as $t path core. This leads to a PHP file inclusion issue, allowing remote attackers to execute arbitrary PHP code via the t path core parameter.

Recommendations For phpWebNotes version 2.0.0, consider restricting access to the t path core parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the extract function to modify key variables until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.