PT-2005-4357 · Php · Php Icalendar+4

Robin Verton · Published 2005-11-16 · Updated 2016-10-18 · CVE-2005-3571

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHPCalendar version 1.0
PHPClique version 1.0
PHPCurrently version 2.0
PHPFanBase versions 2.1 through 2.2
PHPQuotes version 1.0

Description

The issue allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled.

Recommendations

For PHPCalendar version 1.0, consider disabling the siteurl parameter until a patch is available.
For PHPClique version 1.0, restrict access to the vulnerable module to minimize the risk of exploitation.
For PHPCurrently version 2.0, avoid using the siteurl parameter in the affected API endpoint until the issue is resolved.
For PHPFanBase versions 2.1 through 2.2, as a temporary workaround, consider disabling the functionality that uses the siteurl parameter.
For PHPQuotes version 1.0, restrict the use of the siteurl parameter to prevent arbitrary file inclusion.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2005-3571

Affected Products

Php Icalendar
Phpclique
Phpcurrently
Phpfanbase
Phpquotes