PT-2006-1319 · Phpxplorer · Phpxplorer

Oriol Torrent Santiago · Published 2006-01-18 · Updated 2024-08-07 · CVE-2006-0244

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: phpXplorer version 0.9.33

Description: A directory traversal issue in workspaces.php allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. However, it is claimed that this functionality is supported by phpXplorer for uploading PHP files and does not cross privilege boundaries due to the PHP functionality allowing read access outside the web root.

Recommendations: For phpXplorer version 0.9.33, consider restricting access to the sShare parameter in the workspaces.php file to minimize the risk of exploitation. Additionally, review the upload functionality to ensure it does not introduce security risks.
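
To check whether requests matching the description have reached an installation, the following added example (not part of the advisory or of phpXplorer) scans web server access logs for workspaces.php requests whose decoded sShare value contains a `..` path segment or a null byte. The combined log format, the `/phpxplorer/` install path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines; client addresses, install path and values are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Jan/2006:10:01:02 +0000] "GET /phpxplorer/workspaces.php?sShare=docs HTTP/1.1" 200 5120
198.51.100.9 - - [18/Jan/2006:10:02:10 +0000] "GET /phpxplorer/workspaces.php?sShare=..%2F..%2Fplaceholder%00 HTTP/1.1" 200 812
198.51.100.7 - - [18/Jan/2006:10:03:00 +0000] "GET /phpxplorer/index.php?sShare=../x HTTP/1.1" 200 100
198.51.100.7 - - [18/Jan/2006:10:04:00 +0000] "GET /phpxplorer/workspaces.php?sShare=my..notes HTTP/1.1" 200 4300
"""

# Captures: client, timestamp, method, request target, status code.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def classify(value):
    """Return the reasons a decoded sShare value matches the advisory's pattern."""
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    # Only a whole ".." segment counts; "my..notes" is an ordinary name.
    if ".." in re.split(r"[/\\]", value):
        reasons.append("dot-dot-segment")
    return reasons


def scan(log_text):
    """Return (client, timestamp, status, reasons) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/workspaces.php"):
            continue  # the advisory names workspaces.php only
        # parse_qsl percent-decodes once, so %00 and %2F become literal bytes.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = classify(value) if key == "sShare" else []
            if reasons:
                findings.append((client, when, int(status), reasons))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs normally record only the query string, so an sShare value sent in a POST body will not appear here and needs request-body logging or a WAF rule to observe.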

Related Identifiers: CVE-2006-0244

Affected Products: Phpxplorer