PT-2006-1741 · Docmgr · Docmgr
Rgod · Published 2006-02-15 · Updated 2018-10-19 · CVE-2006-0687
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
DocMGR version 0.54.2
Description
The issue concerns the process.php file in DocMGR, where the $siteModInfo variable is not initialized when a direct request is made. This allows remote attackers to include arbitrary local files or possibly remote files by modifying the includeModule and siteModInfo variables.
Recommendations
For DocMGR version 0.54.2, ensure the $siteModInfo variable is properly initialized in the process.php file to prevent arbitrary file inclusion. As a temporary workaround, consider restricting access to the process.php file or validating user input to minimize the risk of exploitation.
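A log check to accompany the workaround above, as an added example that is not part of the original advisory or of DocMGR: it flags direct requests to process.php that supply siteModInfo from the client or put path or URL syntax in includeModule. The Apache combined log format, the sample lines, the request paths and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of an Apache combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Values that look like a path or URL rather than a plain module name
SUSPICIOUS_VALUE = re.compile(r"\.\.|://|\x00|^/")

def check_request(target):
    """Return the reasons a request target looks like a CVE-2006-0687 probe."""
    parts = urlsplit(target)
    if not parts.path.endswith("/process.php"):
        return []
    reasons = []
    # parse_qsl percent-decodes names and values, so %5B, %2F and %00 are normalised
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        base = name.split("[", 1)[0]  # siteModInfo[a][b] -> siteModInfo
        if base == "siteModInfo":
            # Assumption: this variable is internal and never a legitimate parameter
            reasons.append("siteModInfo supplied by client")
        elif base == "includeModule" and SUSPICIOUS_VALUE.search(value):
            reasons.append("includeModule contains path or URL syntax")
    return sorted(set(reasons))

def scan(lines):
    """Return (line_number, reasons) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reasons = check_request(match.group("target")) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical paths)
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Feb/2006:10:00:01 +0000] "GET /docmgr/index.php?module=home HTTP/1.1" 200 5120',
    '192.0.2.10 - - [15/Feb/2006:10:00:05 +0000] "GET /docmgr/process.php?includeModule=search HTTP/1.1" 200 812',
    '198.51.100.7 - - [15/Feb/2006:10:02:11 +0000] "GET /docmgr/process.php?includeModule=x&siteModInfo%5Bdemo%5D=..%2Ftmp HTTP/1.1" 200 0',
    '198.51.100.7 - - [15/Feb/2006:10:02:15 +0000] "GET /docmgr/process.php?includeModule=..%2F..%2Fconfig HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string requests only.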
Affected products
Docmgr