CVE-2006-2005

Name of the Vulnerable Software and Affected Versions ClanSys version 1.1

Description The issue allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter. This is achieved by injecting an "include" statement into the eval statement, demonstrating the eval injection vulnerability. It's worth noting that some sources describe this issue as file inclusion, but the primary concern is the eval injection itself.

Recommendations For ClanSys version 1.1, consider disabling the eval statement in index.php to prevent arbitrary PHP code execution until a patch is available. Restrict access to the page parameter to minimize the risk of exploitation.