CVE-2006-1602

Name of the Vulnerable Software and Affected Versions: PHPNuke Clan version 3.0.1

Description: A remote file inclusion issue exists in the VWar Account module, potentially allowing attackers to include arbitrary files. This is achieved by manipulating the vwar root2 parameter with a malicious URL. The issue may stem from a problem within VWar itself, although this is not confirmed.

Recommendations: For PHPNuke Clan version 3.0.1, as a temporary workaround, consider restricting access to the includes/functions common.php file or disabling the VWar Account module until a fix is available. Avoid using the vwar root2 parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.