PT-2006-3244 · Saphplesson · Saphplesson

D3Vil-0X1 · Published 2006-05-09 · Updated 2018-10-18 · CVE-2006-2278

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SaphpLesson version 3.0

Description

The issue allows remote attackers to obtain the full path by manipulating certain parameters in specific PHP files. This can be achieved by passing a non-array value to the hrow parameter in show.php or index.php, the Lsnrow parameter in showcat.php, or the rows parameter in index.php.

Recommendations

For SaphpLesson version 3.0, consider initializing array variables to prevent remote attackers from obtaining the full path. As a temporary workaround, restrict access to the show.php, index.php, and showcat.php files to minimize the risk of exploitation. Avoid using the hrow, Lsnrow, and rows parameters in the affected API endpoints until the issue is resolved.
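To check whether a deployment has received the requests described above, the following added example (not part of the advisory or of SaphpLesson) scans web server access log lines for the named parameters arriving without array brackets. The combined log format, the `/lessons/` path and the sample lines are assumptions constructed for illustration; only query-string parameters are visible in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script name -> parameters the advisory names for that script.
WATCHED = {
    "show.php": {"hrow"},
    "index.php": {"hrow", "rows"},
    "showcat.php": {"Lsnrow"},
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scalar_hits(log_line):
    """Return (script, parameter) pairs where a watched parameter is sent as a scalar."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    watched = WATCHED.get(script, set())
    # parse_qsl percent-decodes keys, so hrow%5Bid%5D becomes hrow[id].
    # PHP only builds an array from bracketed keys; a bare key is a scalar.
    return [(script, key)
            for key, _ in parse_qsl(url.query, keep_blank_values=True)
            if key in watched]

def scan(lines):
    """Return (line_number, script, parameter) for every scalar use found."""
    return [(number, script, key)
            for number, line in enumerate(lines, start=1)
            for script, key in scalar_hits(line)]

# Constructed sample lines (documentation IP ranges, hypothetical /lessons/ path).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/May/2006:10:00:01 +0000] "GET /lessons/show.php?hrow=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [09/May/2006:10:00:02 +0000] "GET /lessons/showcat.php?Lsnrow=a&id=3 HTTP/1.1" 200 498',
    '198.51.100.7 - - [09/May/2006:10:00:03 +0000] "GET /lessons/index.php?hrow%5Bid%5D=4 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [09/May/2006:10:00:04 +0000] "GET /lessons/show.php?id=12 HTTP/1.1" 200 3070',
]

if __name__ == "__main__":
    for number, script, key in scan(SAMPLE_LOG):
        print(f"line {number}: {script} received scalar {key}")
```

A hit means the parameter was supplied from the request as a non-array value; it does not by itself show that a path was returned in the response.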


Related Identifiers

CVE-2006-2278

Affected Products

Saphplesson