CVE-2006-1831

Name of the Vulnerable Software and Affected Versions sysinfo versions 1.21 through 2.24

Description A direct static code injection issue exists, allowing remote attackers to execute arbitrary commands. This is achieved by injecting a leading ; (semicolon) in the name parameter within a systemdoc action, which is then injected into phpinfo.php.

Recommendations For sysinfo versions 1.21 through 2.24, consider restricting access to the sysinfo.cgi file to minimize the risk of exploitation. As a temporary workaround, avoid using the name parameter in the systemdoc action until a patch is available.