CVE-2006-2566

Name of the Vulnerable Software and Affected Versions Alstrasoft Article Manager Pro version 1.6

Description The issue allows remote attackers to obtain sensitive information. This can be achieved through a quote character or possibly an invalid value in the action parameter in a request to "mrarticles.php" or a login QUERY STRING to "admin.php" without any additional parameters, which reveal the path in various error messages.

Recommendations For Alstrasoft Article Manager Pro version 1.6, consider restricting access to the "mrarticles.php" and "admin.php" files until a patch is available. As a temporary workaround, avoid using the action parameter in requests to "mrarticles.php" and avoid login queries to "admin.php" without additional parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.