CVE-2006-2578

Name of the Vulnerable Software and Affected Versions eSyndicat Directory version 1.2

Description The issue allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code. This is achieved by providing a null-terminated value in the path to config parameter when register globals is enabled and magic quotes gpc is disabled.

Recommendations For eSyndicat Directory version 1.2, consider disabling the register globals setting and enabling magic quotes gpc to prevent exploitation. Additionally, restrict access to the admin/cron.php file to minimize the risk of arbitrary file inclusion and potential PHP code execution. Avoid using null-terminated values in the path to config parameter until the issue is resolved.