CVE-2006-2487

Name of the Vulnerable Software and Affected Versions ScozNews versions 1.2.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main path] parameter in multiple files, including functions.php, template.php, news.php, help.php, mail.php, Admin/admin cats.php, Admin/admin edit.php, Admin/admin import.php, and Admin/admin templates.php. This might be resultant from a variable overwrite issue.

Recommendations For ScozNews versions 1.2.1 and earlier, consider restricting access to the vulnerable files until a patch is available. As a temporary workaround, avoid using the CONFIG[main path] parameter in the affected files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.