CVE-2006-0075

Name of the Vulnerable Software and Affected Versions: phpBook versions 1.3.2 and earlier

Description: A direct static code injection issue allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.

Recommendations: For phpBook versions 1.3.2 and earlier, as a temporary workaround, consider validating and sanitizing the mail variable to prevent code injection until a patch is available. Restrict access to the PHP file that processes new messages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.