CVE-2006-1819

Name of the Vulnerable Software and Affected Versions phpWebSite versions 0.10.2 and earlier

Description The issue allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub dir parameter. This can be achieved by including files such as access log. In some cases, under PHP 5, it is possible to perform arbitrary remote file inclusion using an SMB share argument.

Recommendations For phpWebSite versions 0.10.2 and earlier, consider disabling the loadConfig function in index.php until a patch is available. Restrict access to the hub dir parameter to minimize the risk of exploitation. Avoid using the hub dir parameter with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.