CVE-2006-0724

Name of the Vulnerable Software and Affected Versions Reamday Enterprises Magic News Lite version 1.2.3

Description The issue allows remote attackers to modify program behavior, potentially bypassing authentication controls, when register globals is enabled. This is achieved via modified variables, including action, passwd, admin password, new passwd, and confirm passwd, which are not initialized.

Recommendations For Reamday Enterprises Magic News Lite version 1.2.3, consider disabling the register globals setting to prevent exploitation. Additionally, as a temporary workaround, restrict access to the profile.php file until a patch is available. Avoid using the action, passwd, admin password, new passwd, and confirm passwd variables in the profile.php file until the issue is resolved.