PT-2006-2132 · Pixelpost · Pixelpost
Published 2006-03-09 · Updated 2018-10-18 · CVE-2006-1105
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Pixelpost versions 1.5 beta 1 and earlier
Description
The issue allows remote attackers to obtain configuration information by making a direct request to the "includes/phpinfo.php" endpoint, which calls the phpinfo() function and renders the full interpreter and server configuration to any unauthenticated client. The vendor disputes some of the issues from the original disclosure, but it is unclear whether this specific issue is among those disputed.
Recommendations
For Pixelpost versions 1.5 beta 1 and earlier, restrict access to the "includes/phpinfo.php" endpoint (for example by denying it at the web server) to prevent unauthorized disclosure of configuration information. As a temporary workaround, removing the phpinfo() call from this endpoint, or disabling phpinfo() in the PHP configuration, also mitigates the risk.
Exploit
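To confirm whether "includes/phpinfo.php" is still reachable before and after applying the restriction above, the following check classifies an HTTP response as phpinfo() output and lists the configuration rows it discloses. This is an added example written for this page, not Pixelpost code; it assumes the standard phpinfo() HTML layout (rows of `<td class="e">Name</td><td class="v">Value</td>`), and the sample responses embedded in it are constructed, not captured from a real host.

```python
"""Classify an HTTP response as a phpinfo() disclosure and list what it leaks.

Added example for verifying whether includes/phpinfo.php is exposed;
not Pixelpost code. Assumes the standard phpinfo() table layout:
<tr><td class="e">Name</td><td class="v">Value</td></tr>
"""
import html
import re
import urllib.error
import urllib.request

# Markers that rendered phpinfo() output always contains (page title, version banner).
PHPINFO_MARKERS = ("phpinfo()", "PHP Version")

# Rows whose values matter to an attacker: filesystem paths, host details and
# security-relevant ini settings that map out the installation.
SENSITIVE_KEYS = (
    "PHP Version",
    "System",
    "Loaded Configuration File",
    "DOCUMENT_ROOT",
    "SCRIPT_FILENAME",
    "SERVER_ADDR",
    "allow_url_fopen",
    "display_errors",
    "open_basedir",
    "disable_functions",
)

_ROW_RE = re.compile(
    r'<tr>\s*<td class="e">(.*?)</td>\s*<td class="v">(.*?)</td>',
    re.IGNORECASE | re.DOTALL,
)


def _clean(cell: str) -> str:
    """Strip tags and entities from one table cell."""
    return html.unescape(re.sub(r"<.*?>", "", cell)).strip()


def phpinfo_exposed(status: int, body: str) -> bool:
    """True if the response looks like rendered phpinfo() output.

    A hardened deployment answers 403/404 (denied at the web server) or a 200
    with a neutral body (the phpinfo() call removed), so both status and body
    are checked.
    """
    if status != 200:
        return False
    return all(marker in body for marker in PHPINFO_MARKERS)


def leaked_settings(body: str) -> dict:
    """Return the sensitive name/value rows found in phpinfo() HTML."""
    found = {}
    for name, value in _ROW_RE.findall(body):
        name = _clean(name)
        if name in SENSITIVE_KEYS:
            found[name] = _clean(value)
    return found


def check_url(url: str, timeout: float = 5.0) -> tuple:
    """Fetch url and return (exposed, leaked). Live network call; not exercised offline."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        status, body = e.code, ""
    return phpinfo_exposed(status, body), leaked_settings(body)


# Constructed sample responses (not captured from a real host).
EXPOSED_BODY = """<html><head><title>phpinfo()</title></head><body>
<h1 class="p">PHP Version 4.4.2</h1>
<table>
<tr><td class="e">System </td><td class="v">Linux web01 2.6.15 #1 i686</td></tr>
<tr><td class="e">Loaded Configuration File </td><td class="v">/etc/php4/apache2/php.ini</td></tr>
<tr><td class="e">DOCUMENT_ROOT </td><td class="v">/var/www/pixelpost</td></tr>
<tr><td class="e">display_errors</td><td class="v">On</td></tr>
<tr><td class="e">Some Harmless Row</td><td class="v">x</td></tr>
</table></body></html>"""

DENIED_BODY = "<html><body><h1>Forbidden</h1></body></html>"


if __name__ == "__main__":
    for status, body in ((200, EXPOSED_BODY), (403, DENIED_BODY)):
        print(status, "exposed" if phpinfo_exposed(status, body) else "blocked")
        for key, val in leaked_settings(body).items():
            print(f"  {key}: {val}")
```

Run `check_url("http://host/pixelpost/includes/phpinfo.php")` against a test instance: an exposed install returns `(True, {...})` with the disclosed paths, a fixed one returns `(False, {})`. The editor's suggested mitigations, not taken from this advisory, are an Apache 2.4 rule such as `<Files "phpinfo.php">Require all denied</Files>` in the includes directory, and `disable_functions = phpinfo` in php.ini as defence in depth.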
Fix
Related Identifiers
Affected Products
Pixelpost