CVE-2006-0787

Name of the Vulnerable Software and Affected Versions Plaino Wimpy MP3 Player versions 5.2 and earlier

Description The issue allows remote attackers to insert arbitrary strings into trackme.txt via the trackFile, trackArtist, and trackTitle parameters. This can result in providing false information about songs, occupying excessive disk space with very long parameter values, and potentially storing executable code that might be invoked through a different vulnerability.

Recommendations For versions 5.2 and earlier, consider restricting access to the wimpy trackplays.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the trackFile, trackArtist, and trackTitle parameters in the affected API endpoint until the issue is resolved.