PT-2006-2682 · Squery · Osquery

Codexploder · Published 2006-04-10 · Updated 2024-02-14 · CVE-2006-1688

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SQuery versions 4.5 and earlier
Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory, including ase.php, devi.php, doom3.php, and others. This issue only occurs when register_globals is disabled.
Recommendations: For SQuery versions 4.5 and earlier, consider disabling the libpath parameter or restricting access to the lib directory to minimize the risk of exploitation. Additionally, ensure that register_globals is enabled to prevent this issue, but be aware of the potential security implications of this setting.

Exploit

Fix

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2006-1688

Affected Products: Osquery