CVE-2006-2315

Name of the Vulnerable Software and Affected Versions ISPConfig versions 2.2.2 and earlier

Description A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the go info[server][classes root] parameter. The vendor has disputed this issue, stating that the affected file is not under the web root in version 2.2 and register globals is not enabled.

Recommendations For ISPConfig versions 2.2.2 and earlier, consider disabling the use of the go info[server][classes root] parameter until a patch is available or further clarification is provided by the vendor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.